FTR, This issue won't get a CVE. This is the reply I got from cve-assign@ after I filled the new horrible web form:
> As far as we can tell, an end user experiences a loss of functionality
> after the podofopdfinfo command-line tool crashes with a NULL pointer
> dereference (because the end user can completely work around this by
> not repeating the specific command-line invocation, there would be no
> security impact).
>
> Although some parts of PoDoFo are library code that could be reached
> from an arbitrary application, the reported code in
> PdfInfo::GuessFormat appears to be reachable only from the
> podofopdfinfo command-line tool.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
