openSUSE:Leap:15.0
File 0033-Fix-for-CVE-2018-5309-integer-overflow-in-the-PdfObjectStreamParserObject-ReadObjectsFromStream.patch of Package podofo
Subject: Fix for CVE-2018-5309 - integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream Url: https://sourceforge.net/p/podofo/code/1907/ --- a/podofo/trunk/src/base/PdfObjectStreamParserObject.cpp +++ b/podofo/trunk/src/base/PdfObjectStreamParserObject.cpp @@ -95,6 +95,12 @@ const pdf_int64 lOff = tokenizer.GetNextNumber(); const std::streamoff pos = device.Device()->Tell(); + if( lFirst >= std::numeric_limits<pdf_int64>::max() - lOff ) + { + PODOFO_RAISE_ERROR_INFO( ePdfError_BrokenFile, + "Object position out of max limit" ); + } + // move to the position of the object in the stream device.Device()->Seek( static_cast<std::streamoff>(lFirst + lOff) );
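Review bot: The added guard `lFirst >= std::numeric_limits<pdf_int64>::max() - lOff` only covers the positive direction and is itself unsafe when `lOff` is negative. `lOff` is a signed `pdf_int64` taken straight from `tokenizer.GetNextNumber()`, so for a negative value the subtraction `max() - lOff` overflows before the comparison is made, and a negative sum still reaches `Seek( static_cast<std::streamoff>(lFirst + lOff) )`. Suggest rejecting negative inputs first, for example `if( lOff < 0 || lFirst < 0 || lFirst > std::numeric_limits<pdf_int64>::max() - lOff )` (assuming `lFirst` is signed as well; its declaration is outside this hunk), so the subtraction always stays in range. Two smaller points: the hunk uses `std::numeric_limits` without adding an include, so confirm `<limits>` is already pulled in by this file, and the bound is checked against `pdf_int64` while the result is cast to `std::streamoff`, which deserves a check on platforms where that type is narrower.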