Control: forwarded -1

On Sun, Feb 04, 2018 at 01:24:53AM +0100, Matthias Brinke wrote:
> CVE-2018-5295 from the
> In PoDoFo 0.9.5, there is an integer overflow in
> the PdfXRefStreamParserObject::ParseStream function
> (base/PdfXRefStreamParserObject.cpp). Remote attackers
> could leverage this vulnerability to cause a denial-of-service
> via a crafted pdf file.

For cross-reference, this is being dealt upstream by this thread that
started the 6th of Jan:

> I've implemented a patch to fix this vulnerability, it is attached
> and tested

Thank you!
I've forwarded it upstream, see the first url above.

                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:                             : :'  :
Launchpad user:                  `. `'`
Debian QA page:  `-

Attachment: signature.asc
Description: PGP signature

Reply via email to