On Sun, Dec 16, 2018 at 10:53:26AM +0100, Salvatore Bonaccorso wrote:
> Source: libpodofo
> Version: 0.9.6+dfsg-3
> Severity: important
> Tags: security upstream
> Forwarded: https://sourceforge.net/p/podofo/tickets/23
>
> Hi,
>
> The following vulnerability was published for libpodofo.
>
> CVE-2018-12983[0]:
> | A stack-based buffer over-read in the
> | PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in
> | PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a
> | denial-of-service via a crafted pdf file.
> [1] https://sourceforge.net/p/podofo/tickets/23

The ticket has a proposed patch, could you ping upstream to review/merge it?

Cheers,
Moritz