
[Bug 224448] poppler appears to be hit by CVE-2007-0104

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: poppler appears to be hit by CVE-2007-0104


fedora-triage-list redhat com changed:

           What    |Removed                     |Added
            Version|rawhide                     |9

thoger redhat com changed:

           What    |Removed                     |Added
             Status|NEW                         |NEEDINFO
               Flag|                            |needinfo?(michal harddata com)

------- Additional Comments From fedora-triage-list redhat com  2008-05-13 22:34 EST -------
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:

------- Additional Comments From thoger redhat com  2008-07-31 04:42 EST -------
Michal, do you still believe this issue affects current versions of poppler as
shipped in Fedora?  Recent versions of xpdf and poppler seem to detect loops in
page trees, so if you try to open MOAB-06-01-2007.pdf, you should get the following

  Error: Loop in Pages tree

instead of a crash due to stack memory exhaustion caused by deep recursion.

This check was added to poppler sources via sync with xpdf code base in the
following commit:


As you can see, it actually deprecates / removes the previous check that used a
fixed recursion limit.  Loops should no longer be a problem.

(I guess it may still be possible to create a deep-enough tree that would cause
stack memory exhaustion, but again, crash seems to be the only impact.  If you
are concerned, it's probably better to report it directly to upstream BZ.)

Ok to close this bug?

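
The loop check and the deep-tree concern raised in the comment above, sketched as an added example (not poppler or xpdf code, and not part of the original bug mail): a constructed page-tree model is walked with an explicit stack, so a cycle is reported instead of recursed into, and nesting depth is limited by heap memory rather than the call stack. `Node`, `Tree`, `countPages`, `LOOP` and `MISSING` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <set>
#include <utility>
#include <vector>

// Constructed model of a PDF page tree: object number -> node.
struct Node {
    bool isPage;            // true for a /Page leaf, false for a /Pages node
    std::vector<int> kids;  // object numbers listed in /Kids
};
using Tree = std::map<int, Node>;

const int LOOP = -1;     // a node lists one of its own ancestors as a kid
const int MISSING = -2;  // a kid refers to an object that does not exist

// Counts leaf pages reachable from root without recursing.
int countPages(const Tree &tree, int root) {
    if (!tree.count(root)) return MISSING;
    std::set<int> onPath;  // nodes on the current root-to-node path
    std::vector<std::pair<int, std::size_t>> stack;  // (object, next kid index)
    stack.push_back({root, 0});
    onPath.insert(root);
    int pages = 0;
    while (!stack.empty()) {
        int id = stack.back().first;
        std::size_t &next = stack.back().second;
        const Node &n = tree.at(id);
        if (n.isPage || next == n.kids.size()) {  // leaf, or all kids visited
            if (n.isPage) ++pages;
            onPath.erase(id);
            stack.pop_back();
            continue;
        }
        int kid = n.kids[next++];
        if (!tree.count(kid)) return MISSING;
        if (onPath.count(kid)) return LOOP;  // kid is its own ancestor
        onPath.insert(kid);
        stack.push_back({kid, 0});  // 'next' is not used after this point
    }
    return pages;
}

int main() {
    // Constructed input: 1 -> 2 -> 3 -> 1 forms a cycle of /Pages nodes.
    Tree loop = {{1, {false, {2}}}, {2, {false, {3}}}, {3, {false, {1}}}};
    if (countPages(loop, 1) == LOOP) std::puts("Error: Loop in Pages tree");
    return 0;
}
```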
