mirror of
https://github.com/qpdf/qpdf.git
synced 2024-05-29 08:20:53 +00:00
afe0242b26
This is CVE-2017-9208. The QPDF library uses object ID 0 internally as a sentinel to represent a direct object, but prior to this fix, was not blocking handling of 0 0 obj or 0 0 R as a special case. Creating an object in the file with 0 0 obj could cause various infinite loops. The PDF spec doesn't allow for object 0. Having qpdf handle object 0 might be a better fix, but changing all the places in the code that assumes objid == 0 means direct would be risky.
6 lines
343 B
Plaintext
6 lines
343 B
Plaintext
WARNING: issue-99b.pdf: file is damaged
|
|
WARNING: issue-99b.pdf (object 1 0, file position 9): object with ID 0
|
|
WARNING: issue-99b.pdf: Attempting to reconstruct cross-reference table
|
|
WARNING: issue-99b.pdf: object 1 0 not found in file after regenerating cross reference table
|
|
operation for Dictionary object attempted on object of wrong type
|