Re: [Podofo-users] Integer Overflow in PdfXRefStreamParserObject::ParseStream

On Sun, Feb 18, 2018 at 01:09:31PM +0100, zyx wrote: > Right. Since the bug tracker is opened, I guess the best would be to > use the bug tracker for new issues and for those CVE-s without patches, > thus they won't get lost. I've done so. I opened a bug report for all CVEs that TTBOMK are still

Re: [Podofo-users] Integer Overflow in PdfXRefStreamParserObject::ParseStream

On Sun, 2018-02-04 at 20:48 +0100, Mattia Rizzolo wrote: > The patch is attached (it's against released 0.9.5). Hi, thanks for forwarding the patch for CVE-2018-5295. I committed it as revision 1889: https://sourceforge.net/p/podofo/code/1889 > > (PS: should we start moving these kind

Re: [Podofo-users] Integer Overflow in PdfXRefStreamParserObject::ParseStream

On Sun, Jan 28, 2018 at 12:52:55AM +0100, Matthew Brincke wrote: > > > src/src/base/PdfXRefStreamParserObject.cpp:125:64: runtime error: > > > signed integer overflow: 3 + 9223372036854775807 cannot be > > > represented in type 'long int [3]' > > It looks like still CVE-worthy (specifically,

Re: [Podofo-users] Integer Overflow in PdfXRefStreamParserObject::ParseStream

Hello zyx, hello all, > zyx has written on 14 January 2018 at 11:55: > > > On Sat, 2018-01-06 at 09:25 -0500, Probe Fuzzer wrote: > > we found that on latest version of PoDoFo (RELEASE_0.9.5_rc1), > > Hi, > what is the RELEASE_0.9.5_rc1, please? The "rc1" suffix suggests