projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 38f9f5b) | patch
package/qpdf: fix CVE-2021-36978
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Thu, 5 Aug 2021 09:09:20 +0000 (11:09 +0200)
committerArnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Thu, 5 Aug 2021 19:06:29 +0000 (21:06 +0200)
commit96865f02d4d770da40d33ebc6421e15721bf3f94
treeb5f908888dabb18583e25052520cd67d6b14f79btree
parent38f9f5bb303acdaedb96c9ecaa5324a9674073c5commit | diff
package/qpdf: fix CVE-2021-36978

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer
overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and
Pl_AES_PDF::finish) when a certain downstream write fails.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
package/qpdf/0002-Fix-some-pipelines-to-be-safe-if-downstream-write-fails.patch [new file with mode: 0644] blob
package/qpdf/qpdf.mk diff | blob | history