Red Hat Bugzilla – Bug 163924
Last modified: 2008-02-11 20:25:56 EST
+++ This bug was initially created as a clone of Bug #163918 +++
A broken PDF file is will create a file in /tmp and continue to fill it until
the filesystem is full.
The patch for this issue is attachment 117043 [details]
The demo exploit for this issue is attachment 117042 [details]
This issue also affects FC3
err, this issue only affects FC3
For FC4 I think this apply to poppler instead.
I'm not sure if this issue affects poppler. I can't get evince to fill up /tmp
when I open this PDF file (I know it's the same code, but for some reason it's
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.
Fedora Core 3 is not maintained anymore.
Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release, please reopen this bug and assign it to the
corresponding Fedora version.