[Secure-testing-commits] r48702 - data/CVE
Guido Guenther
agx at moszumanska.debian.org
Sat Feb 4 10:16:20 UTC 2017
Author: agx
Date: 2017-02-04 10:16:20 +0000 (Sat, 04 Feb 2017)
New Revision: 48702
Modified:
data/CVE/list
Log:
lts: more on libpodofo
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-04 08:46:30 UTC (rev 48701)
+++ data/CVE/list 2017-02-04 10:16:20 UTC (rev 48702)
@@ -505,23 +505,27 @@
CVE-2016-10194
RESERVED
NOT-FOR-US: festivaltts4r
-CVE-2015-8981
+CVE-2015-8981 [Heap overflow in the function ReadXRefSubsection]
RESERVED
- libpodofo <unfixed>
NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/
NOTE: https://sourceforge.net/p/podofo/code/1672
-CVE-2017-5855
+CVE-2017-5855 [NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection]
RESERVED
- libpodofo <unfixed>
-CVE-2017-5854
+ NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
+CVE-2017-5854 [NULL pointer dereference in PdfOutputStream.cpp]
RESERVED
- libpodofo <unfixed>
-CVE-2017-5853
+ NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
+CVE-2017-5853 [Signed integer overflow in PdfParser.cpp]
RESERVED
- libpodofo <unfixed>
-CVE-2017-5852
+ NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
+CVE-2017-5852 [Infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject]
RESERVED
- libpodofo <unfixed>
+ NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp
CVE-2017-5849 [Out-of-Bound read and write issues in put1bitbwtile() and putgreytile()]
RESERVED
- netpbm-free <not-affected> (vulnerable code not present)
More information about the Secure-testing-commits
mailing list