Date: Thu, 19 Feb 2009 16:25:36 -0500
From: "Michael K. Johnson" <johnsonm@...th.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities

On Fri, Feb 13, 2009 at 11:20:40AM +0200, Pinar Yanardag wrote:
> 1) An uninitialised memory access error in the 
> "FormWidgetChoice::loadDefaults()" function can be exploited to cause a 
> crash via a specially crafted PDF document.

This is changeset 1fc342eadcbbb41302f190b215c5daf23c9ec9b1 in poppler's
git and is associated with poppler bug 19790.

> 2) An error in the "JBIG2Stream::readSymbolDictSeg()" function can be 
> exploited to cause a crash via a specially crafted PDF document.

This is changeset d3f04f537fb3e963c149a7e2d8d83c7cb19da8c0 in poppler's
git and is associated with poppler bug 19702.

These bugs were reported fixed in poppler-0.10.4.tar.gz, released on
February 10, 2009.
