File 0033-Fix-for-CVE-2018-5309-integer-overflow-in-the-PdfObjectStreamParserObject-ReadObjectsFromStream.patch of Package podofo

Subject: Fix for CVE-2018-5309 - integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream
Url: https://sourceforge.net/p/podofo/code/1907/

--- a/podofo/trunk/src/base/PdfObjectStreamParserObject.cpp
+++ b/podofo/trunk/src/base/PdfObjectStreamParserObject.cpp
@@ -95,6 +95,12 @@
         const pdf_int64 lOff     = tokenizer.GetNextNumber();
         const std::streamoff pos = device.Device()->Tell();
 
+        if( lFirst >= std::numeric_limits<pdf_int64>::max() - lOff )
+        {
+            PODOFO_RAISE_ERROR_INFO( ePdfError_BrokenFile,
+                                    "Object position out of max limit" );
+        }
+
         // move to the position of the object in the stream
         device.Device()->Seek( static_cast<std::streamoff>(lFirst + lOff) );
 
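Review bot: The added guard `lFirst >= std::numeric_limits<pdf_int64>::max() - lOff` is only sound when `lOff` is non-negative. `lOff` is a signed `pdf_int64` taken from `tokenizer.GetNextNumber()`, so if the tokenizer can return a negative number, `max() - lOff` itself overflows (undefined behaviour for signed arithmetic) and a negative `lFirst + lOff` can still reach `Seek`. Rejecting negatives before the subtraction closes both cases: `if( lOff < 0 || lFirst < 0 || lFirst >= std::numeric_limits<pdf_int64>::max() - lOff )`. The enclosing function starts and ends outside the hunk and `lFirst` is declared there, so its type, any earlier range check on it, and the presence of `#include <limits>` in this file should be confirmed. A one-line comment above the check, such as `// offsets are read from the (untrusted) object stream; reject sums that cannot be represented`, would record why the guard exists.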