Fix CVE-2017-9776: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776 https://bugs.freedesktop.org/show_bug.cgi?id=101541 Patch copied from upstream source repository: https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc From 55db66c69fd56826b8523710046deab1a8d14ba2 Mon Sep 17 00:00:00 2001 From: Albert Astals Cid Date: Wed, 21 Jun 2017 00:55:20 +0200 Subject: [PATCH] Fix crash in malformed documents --- poppler/JBIG2Stream.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc index 48535883..d89108c8 100644 --- a/poppler/JBIG2Stream.cc +++ b/poppler/JBIG2Stream.cc @@ -896,7 +896,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, oneByte = x0 == ((x1 - 1) & ~7); for (yy = y0; yy < y1; ++yy) { - if (unlikely(y + yy) >= h) + if (unlikely((y + yy >= h) || (y + yy < 0))) continue; // one byte per line -- need to mask both left and right side -- 2.13.2