oss-sec mailing list archives

Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark


From: Tomas Hoger <thoger () redhat com>
Date: Mon, 4 Oct 2010 11:07:43 +0200

On Fri, 1 Oct 2010 15:16:48 +0200 Tomas Hoger wrote:

> 2fe825deac Prevents use of a random value for a PDF object that is not of
> numeric type as expected.  This patch, however, does not seem to guard
> against invalid numeric values, so if some random value used due to an
> incorrect object type can cause a crash later, I'd expect a malicious
> numeric value to be able to achieve the same.

Oh, I was too focused on the value and missed the OBJECT_TYPE_CHECK checks
that cause abort() when the object is not numeric.  The impact is limited
to unexpected application termination.

-- 
Tomas Hoger / Red Hat Security Response Team
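The three behaviours discussed in this exchange, as an added illustration that is not part of the original thread and not Poppler's code: a numeric accessor that trusts the object slot without checking its tag (the pre-patch hazard, where a non-numeric object yields an arbitrary value), an OBJECT_TYPE_CHECK-style check that calls abort() on a type mismatch (impact reduced to process termination), and a variant that reports the mismatch and also range-checks the number, which is the extra guard the first message asks about. The tagged union, the `PdfObj`/`NumStatus` names, the constructors and the bound 14400 are all made up for this example.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical tagged-union object model used to illustrate the thread;
   it is NOT Poppler's Object class and the names are invented. */
typedef enum { OBJ_NULL, OBJ_INT, OBJ_REAL, OBJ_NAME } ObjType;

typedef struct {
    ObjType type;
    union {
        long        i;
        double      r;
        const char *name;
    } u;
} PdfObj;

typedef enum {
    NUM_OK = 0,
    NUM_WRONG_TYPE,    /* object is not numeric */
    NUM_OUT_OF_RANGE   /* numeric, but outside what the caller can accept */
} NumStatus;

/* Constructors for the constructed sample objects used below. */
static PdfObj mk_int(long i)         { PdfObj o; o.type = OBJ_INT;  o.u.i = i;    return o; }
static PdfObj mk_real(double r)      { PdfObj o; o.type = OBJ_REAL; o.u.r = r;    return o; }
static PdfObj mk_name(const char *n) { PdfObj o; o.type = OBJ_NAME; o.u.name = n; return o; }

/* Pattern 1 (the pre-patch hazard): read the numeric slot without looking
   at the tag. For a name object, u.i holds the bits of a pointer, so the
   caller receives an arbitrary number instead of an error. */
static long num_unchecked(const PdfObj *o) {
    return o->type == OBJ_REAL ? (long)o->u.r : o->u.i;
}

/* Pattern 2: type check that aborts on mismatch, the behaviour the thread
   attributes to OBJECT_TYPE_CHECK. A crafted file can no longer inject a
   garbage value, but it can still terminate the process (DoS only). */
static long num_or_abort(const PdfObj *o) {
    if (o->type == OBJ_INT)  return o->u.i;
    if (o->type == OBJ_REAL) return (long)o->u.r;
    fprintf(stderr, "object type check failed\n");
    abort();
}

/* Pattern 3: report the mismatch AND validate the range, so the parser can
   reject the document instead of terminating. A type check alone does not
   stop a hostile but correctly typed number. 'lo'/'hi' are the bounds the
   caller can actually tolerate (e.g. a page-size limit). */
static NumStatus num_checked(const PdfObj *o, long lo, long hi, long *out) {
    long v;
    if (o->type == OBJ_INT) {
        v = o->u.i;
    } else if (o->type == OBJ_REAL) {
        /* Guard the double->long conversion itself: it is undefined if the
           value does not fit, and a NaN fails both comparisons here. */
        if (!(o->u.r >= (double)lo && o->u.r <= (double)hi)) return NUM_OUT_OF_RANGE;
        v = (long)o->u.r;
    } else {
        return NUM_WRONG_TYPE;
    }
    if (v < lo || v > hi) return NUM_OUT_OF_RANGE;
    *out = v;
    return NUM_OK;
}

/* Value-taking wrappers so callers need no temporaries. */
static NumStatus check_num(PdfObj o, long lo, long hi) {
    long v;
    return num_checked(&o, lo, hi, &v);
}
static long checked_or(PdfObj o, long lo, long hi, long fallback) {
    long v;
    return num_checked(&o, lo, hi, &v) == NUM_OK ? v : fallback;
}

int main(void) {
    /* Constructed sample objects: a sane dimension, a hostile one, and a
       name where a number was expected. */
    PdfObj width   = mk_int(612);
    PdfObj huge    = mk_real(1e30);
    PdfObj not_num = mk_name("Foo");

    printf("unchecked read of a valid int: %ld\n", num_unchecked(&width));
    printf("abort-style check of a valid int: %ld\n", num_or_abort(&width));
    printf("checked: 612  -> status %d\n", check_num(width, 1, 14400));
    printf("checked: 1e30 -> status %d\n", check_num(huge, 1, 14400));
    printf("checked: /Foo -> status %d (value falls back to %ld)\n",
           check_num(not_num, 1, 14400), checked_or(not_num, 1, 14400, -1));
    return 0;
}
```

Only the third pattern lets a parser treat a malformed object as a rejectable input rather than a fatal condition; the first two differ only in whether the bad value is used or the process exits.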