9 Jul 01:36
#2008-007 libpoppler uninitialized pointer - POC
From: Felipe Andres Manzano <fmanzano <at> fceia.unr.edu.ar>
Subject: #2008-007 libpoppler uninitialized pointer - POC
Newsgroups: gmane.comp.security.full-disclosure
Date: 2008-07-08 23:37:49 GMT
Hi. I was in doubt about releasing this because there is no official patch. I suppose at this point anyone could accomplish the same thing so, again, I'm in doubt. A friend once told me that if in doubt take your pants off. I've already tried that and I didn't earn no resolution to my conflict so.. I thought I should try the internet version of that strategy. So here we are, enjoy...

f/

'''
#OCERT ADV #2008-007 libpoppler uninitialized pointer

Description:

The poppler PDF rendering library suffers a memory management bug which leads to arbitrary code execution.

The vulnerability is present in the Page class constructor/destructor. The pageWidgets object is not initialized in the Page constructor if specific conditions are met, but it is deleted afterwards in the destructor regardless of its initialization. Specific PDF files can be crafted which allocate arbitrary memory to trigger the vulnerability.

A new poppler version addressing the issue is scheduled to be released on July 30th according to maintainer.

The following patch fixes the issue:
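Added example, not part of the original post and neither the patch it mentions nor poppler's code: the constructor/destructor mismatch the advisory describes, reduced to hypothetical classes, beside a hardened form. `Widgets`, `VulnPage`, `SafePage` and the `has_annots` condition are assumptions made for illustration.

```cpp
#include <cstdio>

// Hypothetical stand-ins; these are not poppler's classes.
struct Widgets {
    static int live;            // number of Widgets objects currently allocated
    Widgets()  { ++live; }
    ~Widgets() { --live; }
};
int Widgets::live = 0;

// Vulnerable shape: the pointer is assigned on one constructor path only,
// yet the destructor deletes it on every path. Shown for comparison and
// never instantiated here, because destroying it is undefined behaviour.
class VulnPage {
    Widgets *widgets;           // indeterminate value unless has_annots is true
public:
    explicit VulnPage(bool has_annots) {
        if (has_annots)
            widgets = new Widgets();
    }
    ~VulnPage() { delete widgets; }   // passes whatever was in the slot to delete
};

// Hardened shape: a default member initializer gives every constructor path
// a defined value, and deleting a null pointer is a no-op.
class SafePage {
    Widgets *widgets = nullptr;
public:
    explicit SafePage(bool has_annots) {
        if (has_annots)
            widgets = new Widgets();
    }
    SafePage(const SafePage &) = delete;             // one owner, no double free
    SafePage &operator=(const SafePage &) = delete;
    ~SafePage() { delete widgets; }
    bool has_widgets() const { return widgets != nullptr; }
};

// Builds and destroys a SafePage; returns how many Widgets are still live
// afterwards (0 means the destructor balanced the constructor).
int live_after_lifecycle(bool has_annots) {
    { SafePage p(has_annots); }
    return Widgets::live;
}

int main() {
    std::printf("%d %d\n", live_after_lifecycle(false), live_after_lifecycle(true));
    return 0;
}
```

Building with `-Wall -Wextra` and running tests under MemorySanitizer or Valgrind are common ways to surface the vulnerable shape when a real call site constructs such an object.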