oss-security February 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE request: xpdf

Re: [oss-security] CVE request: xpdf

From: Michael Gilbert <michael.s.gilbert_at_nospam>
Date: Wed Feb 02 2011 - 03:23:32 GMT
To: oss-security@lists.openwall.com

On Thu, Jan 20, 2011 at 11:15 PM, Dan Rosenberg wrote:
> 2. Malformed commands may cause corruption of the internal stack used
> to maintain graphics contexts, leading to potentially exploitable
> memory corruption.  Fixed in poppler commit at [2], hopefully fixed
> soon at xpdf upstream.

Correct me if I'm wrong, but it looks like all versions of xpdf and
poppler <= 0.12.x should not be affected by this issue (since graphics
states are not tracked via stackheight in those versions). Also,
according to redhat, poppler in rhel5 does not crash when tested with
your poc. Would you be willing to share so we can test that?

Best wishes,
Mike