+++ This bug was initially created as a clone of Bug #163918 +++ A broken PDF file is will create a file in /tmp and continue to fill it until the filesystem is full. The patch for this issue is attachment 117043 [details] The demo exploit for this issue is attachment 117042 [details]
This issue also affects FC3
err, this issue only affects FC3
For FC4 I think this apply to poppler instead.
Marco, I'm not sure if this issue affects poppler. I can't get evince to fill up /tmp when I open this PDF file (I know it's the same code, but for some reason it's not crashing).
Removing embargo
Fedora Core 3 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thank you!
Fedora Core 3 is not maintained anymore. Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the current Fedora release, please reopen this bug and assign it to the corresponding Fedora version.