2006-01-10  Kristian Høgsberg  <krh@redhat.com>

        Security patch from Martin Pitt (#5516).  Multiple integer/buffer
        overflows.

        * poppler/Stream.cc (CCITTFaxStream::CCITTFaxStream): Check
        columns for negative or large values (CVE-2005-3624).

        * poppler/Stream.cc: Reset numComps to 0 since it's a global
        variable that is used later (CVE-2005-3627).

        * poppler/Stream.cc (DCTStream::readHuffmanTables): Fix out of
        bounds array access in Huffman tables (CVE-2005-3627).

        * poppler/Stream.cc (DCTStream::readMarker): Check for EOF in
        while loop to prevent endless loops (CVE-2005-3625).

        * poppler/JBIG2Stream.cc (JBIG2Bitmap::JBIG2Bitmap,
        JBIG2Bitmap::expand, JBIG2Stream::readHalftoneRegionSeg): Check
        user supplied width and height against invalid values.  Allocate
        one extra byte to prevent out of bounds access in combine().
3 files changed
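
The JBIG2 entry above describes validating width and height from the file before sizing a bitmap buffer and allocating one extra byte. As an added example (not poppler's code and not part of the patch), one way to write such a check in C; the `Bitmap` type, the function names, the 1-bit-per-pixel row layout and the sample dimensions are assumptions made for illustration:

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 1-bit-per-pixel bitmap; not poppler's JBIG2Bitmap. */
typedef struct {
    int w, h, line;       /* line = bytes per row */
    unsigned char *data;  /* h * line bytes plus one zeroed guard byte */
} Bitmap;

/* Returns 0 on success, -1 when the dimensions are invalid or the
 * buffer size would overflow int. On failure bm holds no buffer. */
int bitmap_init(Bitmap *bm, int w, int h)
{
    bm->w = bm->h = bm->line = 0;
    bm->data = NULL;
    /* Reject non-positive sizes and widths where w + 7 overflows int. */
    if (w <= 0 || h <= 0 || w > INT_MAX - 7)
        return -1;
    int line = (w + 7) >> 3;
    /* Reject sizes where h * line + 1 does not fit in int. */
    if (h > (INT_MAX - 1) / line)
        return -1;
    unsigned char *p = calloc((size_t)h * (size_t)line + 1, 1);
    if (p == NULL)
        return -1;
    bm->w = w; bm->h = h; bm->line = line; bm->data = p;
    return 0;
}

/* Bytes allocated for an initialised bitmap, guard byte included. */
size_t bitmap_alloc_size(const Bitmap *bm)
{
    return (size_t)bm->h * (size_t)bm->line + 1;
}

void bitmap_free(Bitmap *bm) { free(bm->data); bm->data = NULL; }

int main(void)
{
    /* Constructed sample dimensions, as if read from an untrusted file. */
    int dims[][2] = { {9, 3}, {-1, 10}, {524288, 65536}, {INT_MAX, 1} };
    for (size_t i = 0; i < sizeof dims / sizeof dims[0]; i++) {
        Bitmap bm;
        int rc = bitmap_init(&bm, dims[i][0], dims[i][1]);
        printf("%d x %d -> %s\n", dims[i][0], dims[i][1], rc ? "rejected" : "ok");
        bitmap_free(&bm);
    }
    return 0;
}
```

The checks run before any multiplication, so the size passed to the allocator is never the product of a wrapped computation.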