First Last Prev Next    This bug is not in your last search results.
Bug 1037000 - (CVE-2017-8378) VUL-1: CVE-2017-8378: podofo: denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp)
(CVE-2017-8378)
VUL-1: CVE-2017-8378: podofo: denial of service (application crash) vectors r...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: unspecified
Assigned To: Antonio Larrosa
Security Team bot
https://smash.suse.de/issue/184638/
CVSSv2:SUSE:CVE-2017-8378:6.8:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-05-01 08:09 UTC by Mikhail Kasimov
Modified: 2022-08-01 10:52 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Kasimov 2017-05-01 08:09:50 UTC 
Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8378
===================================================
Description

Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.

Source:  MITRE      Last Modified:  04/30/2017
===================================================


Hyperlink

[1] https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects
Comment 1 Marcus Meissner 2019-10-31 08:18:34 UTC 
hmm, reproducer no longer present :/
First Last Prev Next    This bug is not in your last search results.