Posted to dev@pdfbox.apache.org by Simon Steiner <si...@gmail.com> on 2021/05/18 12:47:32 UTC

CVE's

Hi,

Do you have the PDFs for these so I can verify they are fixed:

PDFBOX-4071: skip duplicates - CVE-2018-11797
PDFBOX-5112, CVE-2021-27906: added another check for the W and the Index
array, reduce memory footprint
PDFBOX-4892, CVE-2021-27807: sync read/readFully code to get the same
behaviour for all classes implementing the same interface

Thanks


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org


Re: CVE's

Posted by Andreas Lehmkuehler <an...@lehmi.de>.
Hi Simon,

On 18.05.21 at 14:47, Simon Steiner wrote:
> Hi,
> 
> Do you have the PDFs for these so I can verify they are fixed:
Yes, the files don't contain any critical data as they were created by some
fuzzy logic. They are more or less garbage.

> PDFBOX-4071: skip duplicates - CVE-2018-11797
> PDFBOX-5112, CVE-2021-27906: added another check for the W and the Index
> array, reduce memory footprint
I've attached the PDF; it doesn't have much in common with a real PDF.

> PDFBOX-4892, CVE-2021-27807: sync read/readFully code to get the same
> behaviour for all classes implementing the same interface
I've attached a piece of code containing the PDF encoded as a base64 stream.


Andreas

> Thanks
> 
> 