Bug#942391: poppler-utils: pdfinfo Jessie crash (double free)

Markus Koschany apo at debian.org
Sun Oct 25 22:13:20 GMT 2020


thanks for reporting. Although this issue is no longer relevant in
Debian because it is fixed in Stretch and later releases, I have found
the root cause in Jessie and just addressed it. The patch for
CVE-2018-13988 introduced a regression which is the reason why pdfinfo
will segfault with the provided pdf file. I believe it is best to not
the change the code because it successfully protects users from this
specific kind of malformed pdf documents. The original issue is of low
priority anyway and there seems to be no real evidence that it really
triggers a buffer overflow.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-freedesktop-maintainers/attachments/20201025/67fbbbe6/attachment.sig>

More information about the Pkg-freedesktop-maintainers mailing list