Hi,
On Thu, Oct 03, 2019 at 06:00:51PM +0200, Christian Weisgerber wrote:
> xpdf 4.02 fixed an out-of-bounds write, CVE-2019-16927.
> The German Federal CERT classified the vulnerability as "high risk",
> "remote attack", and "arbitrary code execution".
>
> Based on the report and the vague response...
> https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885
> ... I extracted and adapted the fix from the diff between 4.01.01
> and 4.02.
I had a look at the diffs between 4.01.01 and 4.02, too, and think your
diff is ok.
> This could use some more sanity testing over a collection of PDF
> files.
Unless other people do some testing, I could test tomorrow.
Ciao,
Kili