Forum Thread: SumatraPDF "pdf_repair_obj_stm()" Signedness Vulnerability

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
SumatraPDF "pdf_repair_obj_stm()" Signedness Vulnerability

Secunia SumatraPDF "pdf_repair_obj_stm()" Signedness Vulnerability
Secunia Official 11th Feb, 2013 13:54
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
A vulnerability has been discovered in SumatraPDF, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability exists in the bundled version of MuPDF.

For more information:
SA51544

The vulnerability is confirmed in version 2.1.1. Other versions may also be affected.

pc.tech1 RE: SumatraPDF "pdf_repair_obj_stm()" Signedness Vulnerability
Member 11th Feb, 2013 13:54
Score: 8
Posts: 22
User Since: 13th Feb 2010
System Score: N/A
Location: US
Last edited on 11th Feb, 2013 13:54
Per email exchange with author, vuln was fixed in v2.2.
.

--
This machine has no brain.
Use your own.
.
Was this reply relevant?
+0
-0
obetz RE: SumatraPDF "pdf_repair_obj_stm()" Signedness Vulnerability
Member 14th Mar, 2013 19:15
Score: 0
Posts: 3
User Since: 4th Mar 2013
System Score: N/A
Location: DE
on 11th Feb, 2013 13:54, pc.tech1 wrote:
Per email exchange with author, vuln was fixed in v2.2.
.


also discussed in the Sumatra forum, see http://forums.fofou.org/sumatrapdf/topic?id=318346...

Please note that the (somewhat strange) last post in the thread is not by the author of Sumatra PDF.

I don't know whether the author reported the issue as fixed, but there should be a way to report the correct state in the Secunia advisory.

Oliver
Was this reply relevant?
+0
-0
Maurice Joyce RE: SumatraPDF "pdf_repair_obj_stm()" Signedness Vulnerability
Handling Contributor 15th Mar, 2013 00:20
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Oliver,

Secunia SA51511 state this vulnerability still exists in version 2.1.1 with no solution.

If you install version 2.2.1.0 & run a scan you get this result.

https://akkkug.bn1.livefilestore.com/y1pikNfR3kdRz...

If the scan result is to be believed then it looks like the advisory is out of date & the solution should be to update to this version.

Worth checking with Secunia Support at support@secunia.com



--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
obetz RE: SumatraPDF "pdf_repair_obj_stm()" Signedness Vulnerability
Member 15th Mar, 2013 08:16
Score: 0
Posts: 3
User Since: 4th Mar 2013
System Score: N/A
Location: DE
Maurice,

i'm talking about http://secunia.com/advisories/product/40431/?task=... where the issue is still marked unpatched.

Oliver
Was this reply relevant?
+0
-0
Maurice Joyce RE: SumatraPDF "pdf_repair_obj_stm()" Signedness Vulnerability
Handling Contributor 15th Mar, 2013 09:29
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
So am I - SA51511 dated 12/12/2012.

How can it be unpatched if version 2.2.1.0 shows as fully patched?

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+1
-0
This user no longer exists RE: SumatraPDF "pdf_repair_obj_stm()" Signedness Vulnerability
Secunia Official 15th Mar, 2013 15:16
Last edited on 18th Mar, 2013 15:30 I have requested a comment from our Research department. I will update this thread when I have any news.


Edit: The advisory has been updated.
obetz RE: SumatraPDF "pdf_repair_obj_stm()" Signedness Vulnerability
Member 18th Mar, 2013 16:29
Score: 0
Posts: 3
User Since: 4th Mar 2013
System Score: N/A
Location: DE
on 15th Mar, 2013 15:16, wrote:
Edit: The advisory has been updated.


thanks!

Oliver
Was this reply relevant?
+0
-0