[Printing-architecture] XPdf bundling in pdftoopvp as well

Tim Waugh twaugh at redhat.com
Mon Mar 5 12:09:38 UTC 2012


On Fri, 2012-03-02 at 21:38 +0900, Koji Otani wrote:
> From: Tim Waugh <twaugh at redhat.com>
> Subject: [Printing-architecture] XPdf bundling in pdftoopvp as well
> Date: Fri, 02 Mar 2012 12:04:15 +0000
> Message-ID: <1330689855.32498.25.camel at rubik>
> 
> twaugh> It looks like the same issue also affects pdftoopvp, although
> twaugh> mysteriously the Glyph & Cog copyright notices seem to be absent.
> twaugh> 
> 
> If you say about OPVPOutputdev.cc, pdftoopvp uses SplashOutputdev 
> as a template to make a driver of poppler.  

I do; and there is an overflow in it.

I haven't even looked at pdftoopvp/oprs/*Splash*.cxx, but I expect those
also have vulnerabilities of one form or another.

If this code really must be duplicated (and I hope that is not the
case), there *must* be a plan in place to make sure that security fixes
in poppler and XPdf get checked for in cups-filters.

Tim.
*/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxfoundation.org/pipermail/printing-architecture/attachments/20120305/6c627b0b/attachment.sig>


More information about the Printing-architecture mailing list