Here’s a simple patch for CVE-2018-5296 – it reduces the limit returned by 
GetMaxObjectCount from std::numeric_limits<long>::max() to 8,388,607 which is 
the limit for for the maximum number of indirect objects specified in Table C.1 
in Appendix C.2 Architectural Limits in PDF 32000-1:2008

Best Regards

Mark Rogers - mark.rog...@powermapper.com<mailto:mark.rog...@powermapper.com>
PowerMapper Software Ltd - www.powermapper.com
Registered in Scotland No 362274 Quartermile 2 Edinburgh EH3 9GL

Attachment: patch-CVE-2018-5296.diff
Description: patch-CVE-2018-5296.diff

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Podofo-users mailing list

Reply via email to