Hi
This will be of interest to anyone testing PoDoFo or reviewing submitted
patches. It’s an analysis of 122 PDF CVEs found across a number of PDF products
presented at the Blackhat Security conference in March 2017. Products with most
CVEs found:
88 - Acrobat 88
15 - Foxit 15
8 – Adobe

Hi
Here are the unit tests for PoDoFo::PdfParser I’ve been working on. I’ve just
included the .cpp and .h files rather than a patch since they’re new files.
I’ve not included a patch for CMakeLists.txt – but I think all that’s needed
is adding ParserTests.cpp to the CMakeLists.txt file for

Hello Mark, hello all,
> On 19 April 2018 at 08:45 Mark Rogers wrote:
> Hi
> This will be of interest to anyone testing PoDoFo or reviewing submitted
> patches. It’s an analysis of 122 PDF CVEs found across a number of PDF
> products presented at the Blackhat

Hi
This code from PdfString::Write has a buffer overflow – it checks
buffer.GetSize() > 0 then sets nInputBufferLen=GetSize()-2 which is passed to
new[nInputBufferLen] and memcpy

if( pEncrypt && m_buffer.GetSize() && IsValid() )
{
    pdf_long nInputBufferLen = m_buffer.GetSize() - 2; // Cut off