[poppler] A few vulnerabilitiess in libpoppler

Albert Astals Cid aacid at kde.org
Tue Nov 23 14:48:16 PST 2010


A Dimarts, 23 de novembre de 2010, vàreu escriure:
> >> I guess I can setup another round of fuzzing.
> > 
> > Sure, just make sure you are using uptodate poppler and openjpeg.
> 
> Here it is
> 
> http://alt.swiecki.net/j/poppler_2010.11.23.tbz
> 
> I'm using git://git.freedesktop.org/git/poppler/poppler and my
> pdftoppm doesn't depend on any non-standard libraries (is openjpeg
> embedded in poppler git repository?), so I guess I'm fuzzing the
> newest version

No, you need to get openjpeg as a separate library, i'm sure that when you do 
the configure step it warns you that you should be using it.

Anyway do all the files in that tar crash for you? Because i tried
SIGSEGV.PC.(nil).CODE.1.ADDR.(nil).INSTR.[NOT_MMAPED].pdf 
and works perfectly for me.

Albert


More information about the poppler mailing list