diff options
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -1,5 +1,10 @@ 2015-02-21 Jay Berkenbilt <ejb@ql.org> + * Prevent buffer overrun when converting a password to an + encryption key. Thanks to Gynvael Coldwind and Mateusz Jurczyk of + the Google Security Team for providing a sample file with this + problem. + * Ensure that arguments to "R" when parsing the file are direct objects before trying to resolve them. This prevents specially crafted files from causing qpdf to crash with a stack overflow. |