File poppler-CVE-2020-23804.patch of Package poppler.31743

Index: poppler-0.43.0/poppler/XRef.cc
===================================================================
--- poppler-0.43.0.orig/poppler/XRef.cc
+++ poppler-0.43.0/poppler/XRef.cc
@@ -702,6 +702,12 @@ GBool XRef::readXRefTable(Parser *parser
         ok = gFalse;
       }
     }
+    // Arbitrary limit because otherwise we exhaust the stack
+    // calling readXRef + readXRefTable
+    if (followedXRefStm->size() > 4096) {
+        error(errSyntaxError, -1, "File has more than 4096 XRefStm, aborting");
+        ok = false;
+    }
     if (ok) {
       followedXRefStm->push_back(pos2);
       readXRef(&pos2, followedXRefStm, xrefStreamObjsNum);

Places

File poppler-CVE-2020-23804.patch of Package poppler.31743

Places