[poppler] Fwd: Re: CVE-2012-2142 xpdf, poppler: Insufficient sanitization of escape sequences in the error messages

Albert Astals Cid aacid at kde.org
Sat Dec 1 10:54:10 PST 2012


On Saturday, 1 December 2012, at 13:34:34, William Bader wrote:
> vt100's and some xterms have softkeys that can be set with escape codes. Back
> in the 80's when we had vt100's on pdp11's and vaxen in the office, we
> sometimes played tricks on each other by reprogramming terminals through
> escape codes. In theory, if poppler writes raw data from a pdf in an error
> message, someone could create a pdf that would lead poppler to redefine a
> function key (or maybe even the "enter" key) to generate a malicious
> command. It is an issue for anyone who runs programs using poppler at a
> command line.

Yes, that's what I said. Isn't it?

Cheers,
  Albert

> William
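
The mitigation for the issue discussed in this thread is to neutralise control characters in file-derived data before it reaches an error message. The following is an added example, not part of the original e-mail and not the poppler or xpdf fix; the names `sanitize_for_terminal`, `utf8_len` and `append_hex` are hypothetical, and the sample string is constructed.

```cpp
#include <cstdio>
#include <string>

// Added example (not poppler's code): make untrusted bytes safe to print in
// an error message by turning terminal control characters into visible text.
static void append_hex(std::string &out, unsigned char b) {
    static const char digits[] = "0123456789abcdef";
    out += "\\x";
    out += digits[b >> 4];
    out += digits[b & 0x0f];
}

// Length of the strictly valid UTF-8 sequence at s[i] (2..4), else 0.
static size_t utf8_len(const std::string &s, size_t i) {
    auto at = [&](size_t k) { return static_cast<unsigned char>(s[k]); };
    unsigned char b = at(i);
    size_t n = b >= 0xc2 && b <= 0xdf ? 2 : b >= 0xe0 && b <= 0xef ? 3
             : b >= 0xf0 && b <= 0xf4 ? 4 : 0;
    if (n == 0 || i + n > s.size()) return 0;
    for (size_t k = 1; k < n; ++k)
        if ((at(i + k) & 0xc0) != 0x80) return 0;
    unsigned char c = at(i + 1);
    if ((b == 0xe0 && c < 0xa0) || (b == 0xed && c > 0x9f) ||  // overlong, surrogate
        (b == 0xf0 && c < 0x90) || (b == 0xf4 && c > 0x8f)) return 0;
    if (b == 0xc2 && c < 0xa0) return 0;  // U+0080..U+009F are C1 controls (CSI, OSC, DCS)
    return n;
}

// Printable ASCII and valid non-control UTF-8 pass through; everything else
// (ESC, BEL, newline, DEL, raw or encoded C1 bytes, malformed input) becomes \xNN.
std::string sanitize_for_terminal(const std::string &untrusted) {
    std::string out;
    for (size_t i = 0; i < untrusted.size();) {
        unsigned char b = static_cast<unsigned char>(untrusted[i]);
        if (b == '\\') { out += "\\\\"; ++i; }  // keep the escaping unambiguous
        else if (b >= 0x20 && b <= 0x7e) { out += static_cast<char>(b); ++i; }
        else if (size_t n = utf8_len(untrusted, i)) { out.append(untrusted, i, n); i += n; }
        else { append_hex(out, b); ++i; }
    }
    return out;
}

int main() {
    // Constructed sample: a name read from a file that carries an ESC sequence.
    std::string name = std::string("Foo") + "\x1b[31m" + "Bar\n";
    std::fprintf(stderr, "Error: unknown operator '%s'\n",
                 sanitize_for_terminal(name).c_str());
    return 0;
}
```

Newlines are escaped as well, so file-controlled data cannot forge extra lines in the error output; the caller supplies its own line ending.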



