>From what I understand on the matter, poppler was affected by the vulnerability as well. It apparently has something to do with something going very far back before the fork happened between those two projects. I'm unsure if this vulnerability means that a malformed PDF would cause pdf2swf to start executing the stack. If so I think that this would warrant a new minor release to clear it up. I'd love to be able to pay for that support but for now I must go begging.
Do you have any plans for being able to dynamically link against vanilla poppler or xpdf? Or perhaps static linking against them? That would be necessary to get your project included in Fedora. On Sat, Oct 16, 2010 at 11:39 AM, Matthias Kramm <[email protected]> wrote: > On Thu, Oct 14, 2010 at 02:37:31PM -0700, David Schissler > <[email protected]> wrote: >> http://www.h-online.com/security/news/item/Vulnerabilities-in-Xpdf-affect-several-open-source-products-1107088.html > > Thanks for bringing this to my attention. I'll look into it. > > We also have support for linking pdf2swf against poppler instead of xpdf > in our queue. > > Matthias > > >
