Hello,

thanks for reporting. Although this issue is no longer relevant in
Debian because it is fixed in Stretch and later releases, I have found
the root cause in Jessie and just addressed it. The patch for
CVE-2018-13988 introduced a regression which is the reason why pdfinfo
will segfault with the provided pdf file. I believe it is best to not
the change the code because it successfully protects users from this
specific kind of malformed pdf documents. The original issue is of low
priority anyway and there seems to be no real evidence that it really
triggers a buffer overflow.

Markus

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to