File 0034-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch of Package podofo
Subject: Fix for CVE-2018-8001 - heap-based buffer over-read in UnescapeName()
Url: https://sourceforge.net/p/podofo/code/1909/
--- a/podofo/trunk/src/base/PdfName.cpp
+++ b/podofo/trunk/src/base/PdfName.cpp
@@ -134,7 +134,7 @@
unsigned int incount = 0, outcount = 0;
while (incount++ < length)
{
- if (*it == '#')
+ if (*it == '#' && incount + 1 < length)
{
unsigned char hi = static_cast<unsigned char>(*(++it)); ++incount;
unsigned char low = static_cast<unsigned char>(*(++it)); ++incount;
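Review bot: The new bound `incount + 1 < length` on the `#` test is correct only because `incount` was already post-incremented in the `while` condition and therefore counts the `#` itself. Nothing in the code states that dependency, so a later change to the loop header could silently reintroduce the over-read. I would add a comment above the `if`, for example `// incount already includes the '#' (post-increment in the loop condition); both hex bytes exist only if incount + 1 < length`. Separately, the bytes read into `hi` and `low` are not checked to be hex digits in the visible lines; the decoding continues outside the hunk, so if it does not validate them, a `std::isxdigit` test on both before combining them would be worth adding.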