[poppler] A few vulnerabilitiess in libpoppler

Robert Święcki robert at swiecki.net
Thu Oct 21 05:02:05 PDT 2010


On Thu, Oct 21, 2010 at 12:53 PM,  <mpsuzuki at hiroshima-u.ac.jp> wrote:
> Hi,
>
> On Thu, 21 Oct 2010 12:09:40 +0200
> <robert at swiecki.net> wrote:
>>I was recently fuzzing libpoppler and found lots of crashes in it.
>>Some of them are of lesser importance, some look more serious. The
>>archive is here:
>>
>>http://alt.swiecki.net/j/poppler_2010.10.20.tgz
>>
>>I tested it with Ubuntu's pdftoppm from poppler-utils_0.12.4-0ubuntu5
>>package on a 64bit system.
>
> Your fuzzing test has been helpful for the improvement
> of FreeType2, thanks. But poppler-0.12.4 might be slightly
> too old to ask for poppler maintainers' efforts. I will
> check your samples by the latest revision on git, on
> GNU/Linux on amd64.

Ah.. ok, sure, I'll clone the latest repo and give it another round of
testing sometime soon.

Nice to see you also here mpsuzuki san, a good sign ;).

-- 
Robert Święcki


More information about the poppler mailing list