octoleo/qpdf
2
1
Fork 0
mirror of https://github.com/qpdf/qpdf.git synced 2025-01-23 23:28:35 +00:00
Code Issues Releases Wiki Activity
qpdf/libqpdf
History
Jay Berkenbilt afe0242b26 Handle object ID 0 (fixes #99) 
This is CVE-2017-9208.

The QPDF library uses object ID 0 internally as a sentinel to
represent a direct object, but prior to this fix, was not blocking
handling of 0 0 obj or 0 0 R as a special case. Creating an object in
the file with 0 0 obj could cause various infinite loops. The PDF spec
doesn't allow for object 0. Having qpdf handle object 0 might be a
better fix, but changing all the places in the code that assumes objid
== 0 means direct would be risky.
2017-07-26 06:24:07 -04:00
..
qpdf
Implement deterministic ID
2015-10-31 18:56:42 -04:00
sph
SHA2 pipeline with support for 256, 384, and 512 bits
2012-12-31 05:36:51 -05:00
bits.icc
Fix and test support for files >= 4 GB
2012-06-24 15:56:50 -04:00
BitStream.cc
Security: fix potential multiplication overflow
2013-10-09 19:50:09 -04:00
BitWriter.cc
Fix and test support for files >= 4 GB
2012-06-24 15:56:50 -04:00
Buffer.cc
ABI change: fix use of off_t, size_t, and integer types
2012-06-20 15:20:26 -04:00
BufferInputSource.cc
Include <algorithm> for std::min, std::max
2013-11-29 10:48:16 -05:00
build.mk
Bump library soname
2015-11-10 12:42:37 -05:00
FileInputSource.cc
Include <algorithm> for std::min, std::max
2013-11-29 10:48:16 -05:00
InputSource.cc
Refactor: pull *InputSource out of QPDF
2012-07-21 09:06:06 -04:00
InsecureRandomDataProvider.cc
Refactor random data generation
2013-12-14 15:17:35 -05:00
Makefile
update release date to actual date
2008-04-29 12:55:25 +00:00
MD5.cc
Call QUtil::safe_fopen in place of fopen
2013-03-05 13:35:46 -05:00
OffsetInputSource.cc
Update lastOffset when reading
2013-12-14 15:17:07 -05:00
PCRE.cc
Remove all old-style casts from C++ code
2013-03-04 16:45:16 -05:00
Pipeline.cc
do DLL_EXPORT only in header files and only at the class or top-level function level
2009-10-12 01:15:55 +00:00
Pl_AES_PDF.cc
Remove all old-style casts from C++ code
2013-03-04 16:45:16 -05:00
Pl_ASCII85Decoder.cc
Remove all old-style casts from C++ code
2013-03-04 16:45:16 -05:00
Pl_ASCIIHexDecoder.cc
Remove all calls to strcpy
2013-03-05 13:35:46 -05:00
Pl_Buffer.cc
ABI change: fix use of off_t, size_t, and integer types
2012-06-20 15:20:26 -04:00
Pl_Concatenate.cc
Add Pl_Concatenate filter
2012-06-27 10:20:38 -04:00
Pl_Count.cc
Use qpdf_offset_t in place of off_t in public APIs.
2012-06-21 21:23:24 -04:00
Pl_Discard.cc
ABI change: fix use of off_t, size_t, and integer types
2012-06-20 15:20:26 -04:00
Pl_Flate.cc
Protect gcc diagnostic pragmas with gcc version
2013-03-27 17:36:28 -04:00
Pl_LZWDecoder.cc
Security: replace operator[] with at
2013-10-18 10:45:14 -04:00
Pl_MD5.cc
Implement deterministic ID
2015-10-31 18:56:42 -04:00
Pl_PNGFilter.cc
Remove all old-style casts from C++ code
2013-03-04 16:45:16 -05:00
Pl_QPDFTokenizer.cc
ABI change: fix use of off_t, size_t, and integer types
2012-06-20 15:20:26 -04:00
Pl_RC4.cc
Remove all old-style casts from C++ code
2013-03-04 16:45:16 -05:00
Pl_SHA2.cc
Remove all old-style casts from C++ code
2013-03-04 16:45:16 -05:00
Pl_StdioFile.cc
Use portable versions of some UNIX-specific calls
2013-03-05 13:35:46 -05:00
QPDF_Array.cc
Security: replace operator[] with at
2013-10-18 10:45:14 -04:00
QPDF_Bool.cc
Add getTypeCode() and getTypeName()
2013-01-22 10:01:45 -05:00
QPDF_Dictionary.cc
Add getTypeCode() and getTypeName()
2013-01-22 10:01:45 -05:00
QPDF_encryption.cc
Avoid buffer overrun copying digest
2015-02-21 17:51:08 -05:00
QPDF_InlineImage.cc
Add getTypeCode() and getTypeName()
2013-01-22 10:01:45 -05:00
QPDF_Integer.cc
Add getTypeCode() and getTypeName()
2013-01-22 10:01:45 -05:00
QPDF_linearization.cc
Security: replace operator[] with at
2013-10-18 10:45:14 -04:00
QPDF_Name.cc
Security: replace operator[] with at
2013-10-18 10:45:14 -04:00
QPDF_Null.cc
Add getTypeCode() and getTypeName()
2013-01-22 10:01:45 -05:00
QPDF_Operator.cc
Cosmetic changes to be closer to Adobe terminology
2013-01-23 09:38:05 -05:00
QPDF_optimization.cc
Detect loops in /Pages structure
2015-02-21 19:47:11 -05:00
QPDF_pages.cc
Detect loops in /Pages structure
2015-02-21 19:47:11 -05:00
QPDF_Real.cc
Add getTypeCode() and getTypeName()
2013-01-22 10:01:45 -05:00
QPDF_Reserved.cc
Add getTypeCode() and getTypeName()
2013-01-22 10:01:45 -05:00
QPDF_Stream.cc
Security: replace operator[] with at
2013-10-18 10:45:14 -04:00
QPDF_String.cc
Security: replace operator[] with at
2013-10-18 10:45:14 -04:00
qpdf-c.cc
Implement deterministic ID
2015-10-31 18:56:42 -04:00
QPDF.cc
Handle object ID 0 (fixes #99)
2017-07-26 06:24:07 -04:00
QPDFExc.cc
Use qpdf_offset_t in place of off_t in public APIs.
2012-06-21 21:23:24 -04:00
QPDFObject.cc
removed qexc; non-compatible ABI change
2009-09-26 18:36:04 +00:00
QPDFObjectHandle.cc
Handle object ID 0 (fixes #99)
2017-07-26 06:24:07 -04:00
QPDFObjGen.cc
Fix QPDFObjGen constructor implementation
2013-07-07 19:43:01 -04:00
QPDFTokenizer.cc
Security: replace operator[] with at
2013-10-18 10:45:14 -04:00
QPDFWriter.cc
Remove some ABI compatibility private methods
2015-11-10 12:22:40 -05:00
QPDFXRefEntry.cc
Remove all old-style casts from C++ code
2013-03-04 16:45:16 -05:00
QTC.cc
Call QUtil::safe_fopen in place of fopen
2013-03-05 13:35:46 -05:00
QUtil.cc
C++-Builder supports 64 Bit file functions
2016-01-24 12:07:20 -05:00
RC4.cc
Remove all old-style casts from C++ code
2013-03-04 16:45:16 -05:00
rijndael.cc
Remove all old-style casts from C++ code
2013-03-04 16:45:16 -05:00
SecureRandomDataProvider.cc
Handle Microsoft crypt provider without prior keys
2015-05-24 16:52:42 -04:00
sha2.c
Incorporate sha2 code from sphlib 3.0
2012-12-31 05:36:51 -05:00
sha2big.c
Incorporate sha2 code from sphlib 3.0
2012-12-31 05:36:51 -05:00