Issue 124479 Use after free in PDF with corrupt CID font encoding name
Starred by 1 user. Reported by scarybea...@gmail.com, Apr 20 2012
Status: Fixed
Closed: Apr 2012
Pri: 0
Type: Bug-Security

Repro attached.
Attachment: 33.pdf (12.1 KB)
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify Merge-Approved
Status: FixUnreleased
Nice, so a random corruption has changed the encoding string to

/Encoding /#0msp-RKSJ-V

#0m is not a valid 2-digit hex code so the name ends up being zero-length, which triggers the condition.

Fixed in PDF r1386
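
Added example, not part of the original issue thread and not the PDF plugin's code or the r1386 fix: a strict decoder for the `#xx` escapes in PDF names that reports a malformed escape such as `#0m` as an error instead of handing the caller a shortened or zero-length name. The function name, status codes and sample inputs are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum name_status { NAME_OK, NAME_BAD_ESCAPE, NAME_EMPTY, NAME_TOO_LONG };

static int hex_val(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode the "#xx" escapes of a PDF name (the text after the leading '/').
 * A malformed escape or an empty result is returned as an explicit error and
 * out is cleared, so callers never act on a truncated or zero-length name. */
enum name_status decode_pdf_name(const char *raw, char *out, size_t cap) {
    size_t n = strlen(raw), o = 0;
    enum name_status st = NAME_OK;
    if (cap == 0) return NAME_TOO_LONG;
    for (size_t i = 0; i < n; i++) {
        int c = (unsigned char)raw[i];
        if (c == '#') {
            /* Both hex digits must be present and valid; "#00" is not allowed. */
            int hi = (n - i >= 3) ? hex_val((unsigned char)raw[i + 1]) : -1;
            int lo = (hi >= 0) ? hex_val((unsigned char)raw[i + 2]) : -1;
            if (hi < 0 || lo < 0 || (hi | lo) == 0) { st = NAME_BAD_ESCAPE; break; }
            c = hi * 16 + lo;
            i += 2;
        }
        if (o + 1 >= cap) { st = NAME_TOO_LONG; break; }
        out[o++] = (char)c;
    }
    if (st == NAME_OK && o == 0) st = NAME_EMPTY;
    if (st != NAME_OK) o = 0;   /* never leave a partial name behind */
    out[o] = '\0';
    return st;
}

int main(void) {
    /* Constructed inputs: a well-formed CMap name and the corrupted name from the report. */
    const char *samples[] = { "90msp-RKSJ-V", "#0msp-RKSJ-V" };
    char buf[64];
    for (size_t k = 0; k < 2; k++) {
        enum name_status st = decode_pdf_name(samples[k], buf, sizeof buf);
        printf("%-14s status=%d decoded=\"%s\"\n", samples[k], (int)st, buf);
    }
    return 0;
}
```
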
Labels: -Merge-Approved Merge-Merged
Merged to M19 at PDF r1404.
Labels: CVE-2011-3099
Comment 4 by cdn@chromium.org, May 15 2012
Status: Fixed
Updating status to Fixed on security bugs which were fixed when m19 went to stable.
Cc: emily.zh...@gmail.com
Project Member Comment 6 by bugdroid1@chromium.org, Oct 13 2012
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member Comment 7 by bugdroid1@chromium.org, Mar 10 2013
Labels: -Type-Security -Feature-PDF -SecImpacts-Stable -SecImpacts-Beta -Mstone-19 M-19 Cr-Content-Plugins-PDF Security-Impact-Stable Security-Impact-Beta Type-Bug-Security
Project Member Comment 8 by bugdroid1@chromium.org, Mar 11 2013
Labels: -Area-Undefined
Project Member Comment 9 by bugdroid1@chromium.org, Mar 13 2013
Labels: Restrict-View-EditIssue
Project Member Comment 10 by bugdroid1@chromium.org, Mar 13 2013
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Labels: -Restrict-View-SecurityNotify -Restrict-View-EditIssue
Project Member Comment 12 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Impact-Stable Security_Impact-Stable
Project Member Comment 13 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Impact-Beta Security_Impact-Beta
Project Member Comment 14 by bugdroid1@chromium.org, Apr 6 2013
Labels: Cr-Blink
Project Member Comment 15 by bugdroid1@chromium.org, Apr 6 2013
Labels: -Cr-Content-Plugins-PDF Cr-Internals-Plugins-PDF
Project Member Comment 16 by sheriffbot@chromium.org, Jun 14 2016
Labels: -security_impact-beta
Project Member Comment 17 by sheriffbot@chromium.org, Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 18 by sheriffbot@chromium.org, Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic