[poppler] A few vulnerabilitiess in libpoppler
Albert Astals Cid
aacid at kde.org
Mon Nov 22 16:15:15 PST 2010
A Dimarts, 23 de novembre de 2010, Robert Święcki va escriure:
> Kewl,
>
> I guess I can setup another round of fuzzing.
Sure, just make sure you are using uptodate poppler and openjpeg.
> Nice job with fixing this.
Nice job creating the crashers ;-)
Albert
>
> On Mon, Nov 22, 2010 at 12:21 AM, Albert Astals Cid <aacid at kde.org> wrote:
> > A Dijous, 21 d'octubre de 2010, Robert Święcki va escriure:
> >> Hi,
> >>
> >> I was recently fuzzing libpoppler and found lots of crashes in it.
> >> Some of them are of lesser importance, some look more serious. The
> >> archive is here:
> >>
> >> http://alt.swiecki.net/j/poppler_2010.10.20.tgz
> >>
> >> I tested it with Ubuntu's pdftoppm from poppler-utils_0.12.4-0ubuntu5
> >> package on a 64bit system.
> >
> > The master branch should have all of these files fixed that were poppler
> > fault, there are still some jpeg2k crashes in openjpeg.
> >
> > There is one file that doesn't crash per se but exhausts the computer
> > memory (and then crashes :D)
> >
> > Hib it is doing mad allocations in your new code in Hints.cc, could you
> > have a look at it, it is
> > SIGSEGV.PC.0x7ffff7af2936.CODE.1.ADDR.(nil).INSTR.mov_rax,_[rdi].pdf
> >
> > Albert
> > _______________________________________________
> > poppler mailing list
> > poppler at lists.freedesktop.org
> > http://lists.freedesktop.org/mailman/listinfo/poppler
More information about the poppler
mailing list