[poppler] A few vulnerabilitiess in libpoppler
Albert Astals Cid
aacid at kde.org
Tue Nov 23 14:48:16 PST 2010
A Dimarts, 23 de novembre de 2010, vàreu escriure:
> >> I guess I can setup another round of fuzzing.
> >
> > Sure, just make sure you are using uptodate poppler and openjpeg.
>
> Here it is
>
> http://alt.swiecki.net/j/poppler_2010.11.23.tbz
>
> I'm using git://git.freedesktop.org/git/poppler/poppler and my
> pdftoppm doesn't depend on any non-standard libraries (is openjpeg
> embedded in poppler git repository?), so I guess I'm fuzzing the
> newest version
No, you need to get openjpeg as a separate library, i'm sure that when you do
the configure step it warns you that you should be using it.
Anyway do all the files in that tar crash for you? Because i tried
SIGSEGV.PC.(nil).CODE.1.ADDR.(nil).INSTR.[NOT_MMAPED].pdf
and works perfectly for me.
Albert
More information about the poppler
mailing list