File podofo-CVE-2019-20093.patch of Package podofo

From the upstream bug report proposed fix
From: Sandro Mani 
Date: Fri, 17 Jan 2020
Subject: podofo: denial of service (NULL pointer dereference) in PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h
References: https://bugzilla.opensuse.org/1223437
References: https://sourceforge.net/p/podofo/tickets/75/
References: CVE-2019-20093

--- podofo-0.10.4/tools/podofoimgextract/ImageExtractor.cpp
+++ podofo-0.10.4_new/tools/podofoimgextract/ImageExtractor.cpp
@@ -88,6 +88,11 @@
         //long lBitsPerComponent = pObject->GetDictionary().GetKey( PdfName("BitsPerComponent" ) )->GetNumber();
         // TODO: Handle colorspaces
 
+        if ( !pObject->GetDictionary().HasKey( PdfName("Width" ) ) || !pObject->GetDictionary().HasKey( PdfName("Height" ) ) )
+        {
+            PODOFO_RAISE_ERROR( ePdfError_BrokenFile );
+        }
+
         // Create a ppm image
         const char* ppmHeader = "P6\n# Image extracted by PoDoFo\n%u %u\n%li\n";
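
Review bot: The added guard before "// Create a ppm image" checks only that Width and Height are present, not what they hold, so a dictionary carrying a non-numeric or out-of-range object under either key still passes and reaches whatever fills the `%u %u` fields of ppmHeader. Consider fetching each key once with GetKey(), rejecting a null result or a non-number type, and range-checking the value before it is used, which also avoids building the same PdfName and repeating the lookup. The Subject line places the NULL dereference in PdfVariant::DelayedLoad in PdfVariant.h, while this hunk changes only the podofoimgextract tool, so a short comment above the check naming CVE-2019-20093 and stating that the guard is at the call site would help the next reader; other callers that chain GetKey(...)->GetNumber(), as the commented-out BitsPerComponent line does, are not covered by this change.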
