Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)
On 12 Aug, Martin Schröder wrote:
> On 2005-08-12 16:08:07 +0200, Martin Schroeder wrote:
>> I don't know about 2005-2097, but the worst would be a crash of
>> pdfTeX. Is a patch around?
>
> I've found it and checked the code: The vulnerable code
> (fofi/FoFiTrueType.cc) is only called from the interactive code
> (xpdf/PShOutputDev.cc and xpdf/SplashOutputDev.cc), which is not
> included in pdfTex/teTeX.
>
> So teTeX is not affected.
Well, PSOutputDev isn't "interactive" as such, but you're correct that
it only affects those two modules (which means xpdf, pdftoppm, and
pdftops).
- Derek
Reply to: