author: Jay Berkenbilt <ejb@ql.org> 2017-07-26 10:30:32 +0200
committer: Jay Berkenbilt <ejb@ql.org> 2017-07-26 12:24:07 +0200
commit: afe0242b263a9e1a8d51dd81e42ab6de2e5127eb (patch)
tree: 959baca5eaaac2e775aee3faa35ec52a29aa81ab /ChangeLog
parent: 315092dd98d5230ef0efa18b294d464d0e9f79d0 (diff)
Handle object ID 0 (fixes #99)
This is CVE-2017-9208. The QPDF library uses object ID 0 internally as a sentinel to represent a direct object, but prior to this fix, was not blocking handling of 0 0 obj or 0 0 R as a special case. Creating an object in the file with 0 0 obj could cause various infinite loops. The PDF spec doesn't allow for object 0. Having qpdf handle object 0 might be a better fix, but changing all the places in the code that assume objid == 0 means direct would be risky.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 4
1 files changed, 4 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index ce0ce1e7..f39c52c3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2017-07-26 Jay Berkenbilt <ejb@ql.org>
+ * CVE-2017-9208: Handle references to and appearance of object 0
+ as a special case. Object 0 is not allowed, and qpdf was using it
+ internally to represent direct objects.
+
* CVE-2017-9209: Fix infinite loop caused by attempting to
reconstruct the xref table while already in the process of
reconstructing the xref table.
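Review bot: The new CVE-2017-9208 entry at the top of the 2017-07-26 block says object 0 is handled "as a special case" but does not say what that handling is or what the symptom was. The commit message names the symptom (a file containing 0 0 obj could cause various infinite loops) and the issue (#99), and the CVE-2017-9209 entry directly below does state its symptom ("Fix infinite loop caused by ..."). Suggest wording the entry the same way, for example by saying that 0 0 obj and 0 0 R in input are now blocked to prevent infinite loops, and adding "(fixes #99)" so a reader of the ChangeLog alone can tell what changed and whether their files are affected.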