-
Kristian Høgsberg authored
Security patch from Martin Pitt (#5516). Multiple integer/buffer overflows. * poppler/Stream.cc (CCITTFaxStream::CCITTFaxStream): Check columns for negative or large values (CVE-2005-3624). * poppler/Stream.cc: Reset numComps to 0 since it's a global variable that is used later (CVE-2005-3627). * poppler/Stream.cc (DCTStream::readHuffmanTables): Fix out of bounds array access in Huffman tables (CVE-2005-3627). * poppler/Stream.cc (DCTStream::readMarker): Check for EOF in while loop to prevent endless loops (CVE-2005-3625). * poppler/JBIG2Stream.cc (JBIG2Bitmap::JBIG2Bitmap, JBIG2Bitmap::expand, JBIG2Stream::readHalftoneRegionSeg): Check user supplied width and height against invalid values. Allocate one extra byte to prevent out of bounds access in combine().
9c3d0ab9