[3.6] podofo: Multiple vulnerabilities (CVE-2017-6840, CVE-2017-6841, CVE-2017-6842, CVE-2017-6848)
CVE-2017-6840: invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp)
Affected version: 0.9.5
Reference:
http://openwall.com/lists/oss-security/2017/03/13/10
CVE-2017-6841: NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h)
Affected version: 0.9.5
Reference:
http://openwall.com/lists/oss-security/2017/03/13/11
CVE-2017-6842: NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp)
Affected version: 0.9.5
Reference:
http://openwall.com/lists/oss-security/2017/03/13/12
CVE-2017-6848: NULL pointer dereference in PoDoFo::PdfXObject::PdfXObject (PdfXObject.cpp)
Affected version: 0.9.5
Reference:
http://openwall.com/lists/oss-security/2017/03/13/18
(from redmine: issue id 7019, created on 2017-03-16, closed on 2017-05-02)
- Relations:
- parent #7018 (closed)