Kristian Høgsberg authored
Security patch from Martin Pitt (#5516). Multiple integer/buffer overflows.

* poppler/Stream.cc (CCITTFaxStream::CCITTFaxStream): Check columns for negative or large values (CVE-2005-3624).
* poppler/Stream.cc: Reset numComps to 0 since it's a global variable that is used later (CVE-2005-3627).
* poppler/Stream.cc (DCTStream::readHuffmanTables): Fix out of bounds array access in Huffman tables (CVE-2005-3627).
* poppler/Stream.cc (DCTStream::readMarker): Check for EOF in while loop to prevent endless loops (CVE-2005-3625).
* poppler/JBIG2Stream.cc (JBIG2Bitmap::JBIG2Bitmap, JBIG2Bitmap::expand, JBIG2Stream::readHalftoneRegionSeg): Check user supplied width and height against invalid values. Allocate one extra byte to prevent out of bounds access in combine().
9c3d0ab9
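The JBIG2Bitmap entry in the commit message describes validating stream-supplied dimensions before sizing a buffer and allocating one spare byte. The following is an added example of that pattern, not poppler's code: `Bitmap` and `bitmapAlloc` are hypothetical names, and it assumes a 1-bit-per-pixel bitmap with rows padded to whole bytes.

```cpp
#include <climits>
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Hypothetical stand-in for a 1-bit-per-pixel bitmap (not poppler's class).
struct Bitmap {
    int w, h, line;        // line = bytes per row
    unsigned char *data;   // h * line + 1 bytes, or nullptr when rejected
};

// Validates width/height taken from an untrusted stream before allocating.
// Returns false (and leaves bm empty) when the size cannot be represented.
bool bitmapAlloc(Bitmap *bm, int w, int h) {
    bm->w = bm->h = bm->line = 0;
    bm->data = nullptr;
    // Reject non-positive values and widths where (w + 7) would wrap.
    if (w <= 0 || h <= 0 || w > INT_MAX - 7) return false;
    int line = (w + 7) >> 3;
    // Reject heights where h * line + 1 would exceed INT_MAX. Without this,
    // a product such as 65536 * 65536 wraps to 0 and a tiny buffer is
    // allocated for what later code treats as a huge bitmap.
    if (h >= (INT_MAX - 1) / line) return false;
    size_t size = (size_t)h * (size_t)line + 1;   // +1: spare trailing byte
    unsigned char *p = (unsigned char *)malloc(size);
    if (!p) return false;
    memset(p, 0, size);
    bm->w = w; bm->h = h; bm->line = line; bm->data = p;
    return true;
}

int main() {
    // Constructed sample dimensions: one sane pair, three hostile ones.
    const int cases[][2] = {{16, 4}, {-1, 10}, {524288, 65536}, {INT_MAX, 1}};
    for (const auto &c : cases) {
        Bitmap b;
        bool ok = bitmapAlloc(&b, c[0], c[1]);
        printf("%d x %d -> %s\n", c[0], c[1], ok ? "allocated" : "rejected");
        free(b.data);
    }
    return 0;
}
```

The spare byte lets a routine that reads one byte past the last row stay inside the allocation.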