diff options
author | Jay Berkenbilt <ejb@ql.org> | 2013-10-05 12:26:06 +0200 |
---|---|---|
committer | Jay Berkenbilt <ejb@ql.org> | 2013-10-10 01:50:09 +0200 |
commit | 3eb4b066ab3f25f6454214d33b2fc17161812dfa (patch) | |
tree | c6e71e5ed387d5d728e13fcdd57b1bca94c41e50 /ChangeLog | |
parent | b097d7a81b5c9cb349fff5c1efe6a0c390025579 (diff) | |
download | qpdf-3eb4b066ab3f25f6454214d33b2fc17161812dfa.tar.zst |
Security: better bounds checks for linearization data
The faulty code was only used during explicit checks of linearization
data. Those checks are not part of normal reading or writing of PDF
files.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -1,5 +1,12 @@ 2013-10-05 Jay Berkenbilt <ejb@ql.org> + * Security fix: avoid buffer overrun that could be caused by bogus + data in linearization hint streams. The incorrect code could only + be triggered when checking linearization data, which must be + invoked explicitly. qpdf does not check linearization data when + reading or writing linearized files, but the qpdf --check command + does check linearization data. + * Security fix: properly handle empty strings in QPDF_Name::normalizeName. The empty string is not a valid name and would never be parsed as a name, so there were no known |