Hi again,

On Mon, 12 Mar 2018 16:44:00 +0100 "Poenicke, Andreas (TFP)" 
<andreas.poeni...@kit.edu> wrote:
> Hi,
> we encountered the same problem but with downloads of older publications 
> which probably also are scans.
> Having a closer look at the changes in 
>       poppler/0.26.5-2+deb8u2
> it seems the patch upstream_CVE-2017-9776.patch is incomplete. 
> Probably just a line with "continue;" is missing. 

If my analysis was correct, it means this bug is more severe than I thought
at first glance! In this case, instead of fixing CVE-2017-9776 by avoiding that
the following code is executed by malformed documents, and thus preventing an
"Integer overflow leading to Heap buffer overflow", according to the patch
upstream_CVE-2017-9776 the code is executed *only* for malformed documents!

This renders the patch ineffective, and poppler-0.26.5-3+deb8u3 is probably still
vulnerable to CVE-2017-9776!

