Описание
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libpodofo | fixed | 0.9.8+dfsg-1 | package | |
| libpodofo | no-dsa | bullseye | package | |
| libpodofo | no-dsa | buster | package | |
| libpodofo | postponed | stretch | package |
Примечания
https://sourceforge.net/p/podofo/tickets/130/
https://github.com/podofo/podofo/commit/14689c5b8a60d3450f154e66c92632947b73f619 (0.9.8)
Связанные уязвимости
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
Уязвимость функций PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant(), PdfTokenizer::ReadDataType() программной библиотеки для работы с PDF PoDoFo, позволяющая нарушителю вызвать отказ в обслуживании