[poppler] Do we need to remove the internal DCT and JPX decoders

jose.aliste at gmail.com jose.aliste at gmail.com
Tue May 16 23:40:31 UTC 2017


Hey List,

Very recently, Talos (Cisco) has encountered some overflows that could
potentially lead to security risks. One of these is in the DCT decoder and
the other in the JPX decoder. The question is what to do: do we fix these
overflows or just remove the decoders from poppler, since they are not being
maintained? One of the problems is that Ubuntu is compiled by default to use
the JPX decoder while most distributions do include libjpeg support.

The bugs as I understand are still private, so if any of the developers of
poppler wants to see the reports, please contact me directly (off list) and
I will send it to you together with a minimal pdf sample.


Kind regards

José