swftools-common
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Swftools-common] XPDF vulnerability

From: David Schissler
Subject: Re: [Swftools-common] XPDF vulnerability
Date: Mon, 18 Oct 2010 18:28:42 -0700 
>From what I understand on the matter, poppler was affected by the
vulnerability as well.  It apparently has something to do with
something going very far back before the fork happened between those
two projects.  I'm unsure if this vulnerability means that a malformed
PDF would cause pdf2swf to start executing the stack.  If so I think
that this would warrant a new minor release to clear it up.  I'd love
to be able to pay for that support but for now I must go begging.

Do you have any plans for being able to dynamically link against
vanilla poppler or xpdf?  Or perhaps static linking against them?
That would be necessary to get your project included in Fedora.



On Sat, Oct 16, 2010 at 11:39 AM, Matthias Kramm <address@hidden> wrote:
> On Thu, Oct 14, 2010 at 02:37:31PM -0700, David Schissler <address@hidden> 
> wrote:
>> http://www.h-online.com/security/news/item/Vulnerabilities-in-Xpdf-affect-several-open-source-products-1107088.html
>
> Thanks for bringing this to my attention. I'll look into it.
>
> We also have support for linking pdf2swf against poppler instead of xpdf
> in our queue.
>
> Matthias
>
>
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]