Posted to dev@pdfbox.apache.org by Simon Steiner <si...@gmail.com> on 2021/05/18 12:47:32 UTC
CVE's
Hi,
Do you have the pdf's for these so I can verify they are fixed:
PDFBOX-4071: skip duplicates - CVE-2018-11797
PDFBOX-5112, CVE-2021-27906: added another check for the W and the Index
array, reduce memory footprint
PDFBOX-4892, CVE-2021-27807: sync read/readFully code to get the same
behaviour for all classes implementing the same interface
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org
Re: CVE's
Posted by Andreas Lehmkuehler <an...@lehmi.de>.
Hi Simon,
On 18.05.21 at 14:47, Simon Steiner wrote:
> Hi,
>
> Do you have the pdf's for these so I can verify they are fixed:
Yes, the files don't contain any critical data as they were created by some
fuzzy logic. They are more or less garbage.
> PDFBOX-4071: skip duplicates - CVE-2018-11797
> PDFBOX-5112, CVE-2021-27906: added another check for the W and the Index
> array, reduce memory footprint
I've attached the pdf, it doesn't have much in common with a real pdf.
> PDFBOX-4892, CVE-2021-27807: sync read/readFully code to get the same
> behaviour for all classes implementing the same interface
I've attached a piece of code containing the pdf encoded as base64 stream.
Andreas
> Thanks