On Tuesday 08 February 2011 11:54:16 Thomas Biege wrote:
> Should CVE-IDs be assigned to these issues?
Sorry, I missed Josh's mail.
> On Friday 21 January 2011 00:15:49 Dan Rosenberg wrote:
> > I identified two issues in xpdf. I don't think the first requires a
> > CVE, since it's incredibly unlikely to be exploitable, but I include
> > it here in case someone disagrees.
> > 1. Due to an integer overflow when parsing CharCodes for fonts and a
> > failure to check the return value of a memory allocation, it is
> > possible to trigger writes to a narrow range of offsets from a NULL
> > pointer. The chance of being able to exploit this for anything other
> > than a crash is very remote: on x86 32-bit, there's no chance (since
> > the write occurs between 0xffffffc4 and 0xfffffffc). At least the
> > write lands in valid userspace on x86-64, but in my testing this
> > memory is never mapped. Fixed in poppler commit at , hopefully
> > fixed soon at xpdf upstream.
> > 2. Malformed commands may cause corruption of the internal stack used
> > to maintain graphics contexts, leading to potentially exploitable
> > memory corruption. Fixed in poppler commit at , hopefully fixed
> > soon at xpdf upstream.
> > -Dan
> >  http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
> >  http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9
-- 
Thomas Biege <email@example.com>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Whoever stops wanting to get better stops being good.
-- Marie von Ebner-Eschenbach
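The two defensive checks Dan's report implies, shown as an added example in C that is not xpdf or poppler code: an overflow-checked, NULL-checked allocation for a parser-controlled element count (issue 1), and a graphics-state stack whose save/restore operations are bounds-checked rather than trusting the command stream to stay balanced (issue 2). The function names, the `MAX_CHARCODES` and `GSTATE_MAX` bounds, and the 4-byte big-endian count header are assumptions made for this example, not the real font or content-stream formats.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not xpdf or poppler code. All names, bounds and the input
 * format below are assumptions made for illustration. */

/* Example bound on how many CharCodes one font table may declare. */
#define MAX_CHARCODES 65536u

/* Allocate n elements of size elem, or return NULL if n*elem would wrap
 * size_t or if malloc itself fails. The caller must check the result. */
void *safe_alloc_array(size_t n, size_t elem) {
    if (elem == 0 || n > SIZE_MAX / elem) {
        return NULL;            /* product would overflow */
    }
    return malloc(n * elem);    /* may still be NULL */
}

typedef struct {
    uint32_t *codes;
    size_t    len;
} CharCodeTable;

/* Read a 4-byte big-endian count from a (constructed) font header and build
 * the table. Returns 0 on success, -1 if the count is out of range or the
 * allocation fails; on failure t->codes stays NULL and is never written. */
int charcode_table_init(CharCodeTable *t, const unsigned char *hdr) {
    uint32_t count = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
                     ((uint32_t)hdr[2] << 8)  |  (uint32_t)hdr[3];
    t->codes = NULL;
    t->len   = 0;
    if (count > MAX_CHARCODES) {
        return -1;              /* reject before any arithmetic on count */
    }
    uint32_t *p = safe_alloc_array(count, sizeof *p);
    if (p == NULL) {
        return -1;              /* never write relative to a NULL pointer */
    }
    for (uint32_t i = 0; i < count; i++) {
        p[i] = i;               /* identity mapping stands in for parsed data */
    }
    t->codes = p;
    t->len   = count;
    return 0;
}

void charcode_table_free(CharCodeTable *t) {
    free(t->codes);
    t->codes = NULL;
    t->len   = 0;
}

/* Bounded graphics-state stack: gstate_save pushes a copy of the current
 * state, gstate_restore pops it back. Both refuse to step past the array
 * instead of corrupting whatever memory lies next to it. */
#define GSTATE_MAX 32           /* example limit, not poppler's */

typedef struct { double ctm[6]; double line_width; } GState;

typedef struct {
    GState cur;
    GState saved[GSTATE_MAX];
    size_t depth;
} GStateStack;

void gstate_init(GStateStack *s) {
    memset(s, 0, sizeof *s);
    s->cur.ctm[0] = s->cur.ctm[3] = 1.0;   /* identity CTM */
    s->cur.line_width = 1.0;
}

int gstate_save(GStateStack *s) {
    if (s->depth >= GSTATE_MAX) return -1;    /* nested too deeply */
    s->saved[s->depth++] = s->cur;
    return 0;
}

int gstate_restore(GStateStack *s) {
    if (s->depth == 0) return -1;             /* unbalanced restore */
    s->cur = s->saved[--s->depth];
    return 0;
}
```

The point of `safe_alloc_array` is that the overflow check happens on the count before the multiplication, so a wrapped size never reaches `malloc`, and the NULL check on the result is what stops a failed allocation from turning into writes at small offsets from address zero. The stack functions return an error that the content-stream interpreter can treat as a malformed file rather than silently indexing outside `saved[]`.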