[poppler] A few vulnerabilitiess in libpoppler

Robert Święcki robert at swiecki.net
Tue Nov 23 04:27:06 PST 2010


>> I guess I can setup another round of fuzzing.
>
> Sure, just make sure you are using uptodate poppler and openjpeg.

Here it is

http://alt.swiecki.net/j/poppler_2010.11.23.tbz

I'm using git://git.freedesktop.org/git/poppler/poppler and my
pdftoppm doesn't depend on any non-standard libraries (is openjpeg
embedded in poppler git repository?), so I guess I'm fuzzing the
newest version

$ ldd utils/pdftoppm
  linux-vdso.so.1 =>  (0x00007fff97dff000)
  libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x00007f5bfb48e000)
  libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f5bfb17a000)
  libm.so.6 => /lib/libm.so.6 (0x00007f5bfaef6000)
  libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00007f5bfacdf000)
  libc.so.6 => /lib/libc.so.6 (0x00007f5bfa95c000)
  libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x00007f5bfa6d5000)
  libz.so.1 => /lib/libz.so.1 (0x00007f5bfa4be000)
  libexpat.so.1 => /lib/libexpat.so.1 (0x00007f5bfa295000)
  /lib64/ld-linux-x86-64.so.2 (0x00007f5bfb6e2000)

-- 
Robert Święcki


More information about the poppler mailing list