Your message dated Sun, 31 Aug 2025 11:22:49 +0200
with message-id <[email protected]>
and subject line Re: Bug#923415: libpodofo: CVE-2018-20797
has caused the Debian Bug report #923415,
regarding libpodofo: CVE-2018-20797
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
923415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923415
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libpodofo
Version: 0.9.6+dfsg-4
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/podofo/tickets/34/
Hi,
The following vulnerability was published for libpodofo.
CVE-2018-20797[0]:
| An issue was discovered in PoDoFo 0.9.6. There is an attempted
| excessive memory allocation in PoDoFo::podofo_calloc in
| base/PdfMemoryManagement.cpp when called from
| PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in
| base/PdfFiltersPrivate.cpp.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-20797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20797
[1] https://sourceforge.net/p/podofo/tickets/34/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 0.9.8+dfsg-1
On 2019-02-27 Salvatore Bonaccorso <[email protected]> wrote:
> Source: libpodofo
> Version: 0.9.6+dfsg-4
> Severity: important
> Tags: security upstream
> Forwarded: https://sourceforge.net/p/podofo/tickets/34/
> Hi,
> The following vulnerability was published for libpodofo.
> CVE-2018-20797[0]:
> | An issue was discovered in PoDoFo 0.9.6. There is an attempted
> | excessive memory allocation in PoDoFo::podofo_calloc in
> | base/PdfMemoryManagement.cpp when called from
> | PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in
> | base/PdfFiltersPrivate.cpp.
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
This was fixed upstream in 0.9.8.
1c439bb97e24800f8b1071962e5d0583d87aea31
Author: zyx <[email protected]> 2022-04-14 07:32:28
Committer: zyx <[email protected]> 2022-04-14 07:32:28
Precedes: 0.9.8, PoDoFo-next
Patch by Mark Rogers: Check that /DecodeParams values are in range (CVE-2018-20797)
git-svn-id: https://svn.code.sf.net/p/podofo/code/podofo/trunk@2055 e6e4d1b7-ffb3-4f57-9d89-6d52b3892af5
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
--- End Message ---
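An added example, not PoDoFo's code and not the upstream patch: one way to range-check predictor parameters before sizing a row buffer, which is the kind of check the commit message above names. The struct, the function name and the two caps (`kMaxColors`, `kMaxRowBytes`) are assumptions of this example; the accepted Predictor and BitsPerComponent values follow the PDF filter parameter definitions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical holder for the predictor entries of a filter parameter dictionary.
// PDF defaults when a key is absent: Predictor 1, Colors 1, BitsPerComponent 8, Columns 1.
struct PredictorParams {
    int64_t predictor;
    int64_t colors;
    int64_t bitsPerComponent;
    int64_t columns;
};

// Assumed policy limits for this example; the PDF format itself only requires Colors >= 1.
const int64_t kMaxColors = 32;
const uint64_t kMaxRowBytes = 64ull * 1024 * 1024;

// Validates every value before any size arithmetic. On success stores the
// byte length of one decoded row in rowBytes and returns true.
bool checkedRowBytes(const PredictorParams& p, size_t& rowBytes) {
    // Predictor: 1 = none, 2 = TIFF, 10..15 = PNG variants.
    bool predictorOk = p.predictor == 1 || p.predictor == 2 ||
                       (p.predictor >= 10 && p.predictor <= 15);
    if (!predictorOk) return false;
    switch (p.bitsPerComponent) {
        case 1: case 2: case 4: case 8: case 16: break;
        default: return false;
    }
    if (p.colors < 1 || p.colors > kMaxColors) return false;
    if (p.columns < 1) return false;

    // bitsPerPixel <= 32 * 16, so it cannot overflow.
    uint64_t bitsPerPixel = (uint64_t)p.colors * (uint64_t)p.bitsPerComponent;
    // Compare by division so columns * bitsPerPixel is never computed unchecked.
    if ((uint64_t)p.columns > (kMaxRowBytes * 8) / bitsPerPixel) return false;

    rowBytes = (size_t)(((uint64_t)p.columns * bitsPerPixel + 7) / 8);
    return true;
}

int main() {
    // Constructed inputs: an RGB 8-bit PNG-predicted row, then an oversized Columns.
    PredictorParams good = {12, 3, 8, 100};
    PredictorParams huge = {12, 3, 8, 4000000000LL};
    size_t n = 0;
    std::printf("good: %d (%zu bytes)\n", checkedRowBytes(good, n), n);
    std::printf("huge: %d\n", checkedRowBytes(huge, n));
    return 0;
}
```

A caller would allocate the row buffer only after this returns true, so a crafted Columns or Colors value is rejected before it reaches the allocator.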