Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)

To: martin@oneiros.de
Cc: te@dbs.uni-hannover.de, frank@debian.org, hille42@web.de, joeyh@debian.org, 322467@bugs.debian.org, team@security.debian.org
Subject: Bug#322467: Please Help (was: Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability)
From: "Derek B. Noonburg" <derekn@foolabs.com>
Date: Sun, 14 Aug 2005 09:29:41 -0700 (PDT)
Message-id: <[🔎] 20050814162942.17666.qmail@foolabs.com>
Reply-to: "Derek B. Noonburg" <derekn@foolabs.com>, 322467@bugs.debian.org

On 12 Aug, Martin Schröder wrote:
> On 2005-08-12 16:08:07 +0200, Martin Schroeder wrote:
>> I don't know about 2005-2097, but the worst would be a crash of
>> pdfTeX. Is a patch around?
> 
> I've found it and checked the code: The vulnerable code
> (fofi/FoFiTrueType.cc) is only called from the interactive code
> (xpdf/PShOutputDev.cc and xpdf/SplashOutputDev.cc), which is not
> included in pdfTex/teTeX. 
> 
> So teTeX is not affected.

Well, PSOutputDev isn't "interactive" as such, but you're correct that
it only affects those two modules (which means xpdf, pdftoppm, and
pdftops).

- Derek

Reply to:

Prev by Date: Bug#321241: libkpathsea4-dev: Needs a README.Debian
Next by Date: Bug#215248: [pdftex] Man page for pdftosrc
Previous by thread: Bug#322407 acknowledged by developer (Bug#322407: fixed in python2.3 2.3.5-7)
Next by thread: SVN tetex commit: r124 - tex-common/trunk/debian
Index(es):
- Date
- Thread