2006-01-10  Kristian Høgsberg  <krh@redhat.com>

        Security patch from Martin Pitt (#5516).  Multiple integer/buffer

        * poppler/Stream.cc (CCITTFaxStream::CCITTFaxStream): Check
        columns for negative or large values (CVE-2005-3624).

        * poppler/Stream.cc: Reset numComps to 0 since it's a global
        variable that is used later (CVE-2005-3627).

        * poppler/Stream.cc (DCTStream::readHuffmanTables): Fix out of
        bounds array access in Huffman tables (CVE-2005-3627).

        * poppler/Stream.cc (DCTStream::readMarker): Check for EOF in
        while loop to prevent endless loops (CVE-2005-3625).

        * poppler/JBIG2Stream.cc (JBIG2Bitmap::JBIG2Bitmap,
        JBIG2Bitmap::expand, JBIG2Stream::readHalftoneRegionSeg): Check
        user supplied width and height against invalid values.  Allocate
        one extra byte to prevent out of bounds access in combine().
3 files changed