Saturday, January 6, 2007

MOAB-06-01-2007: Multiple Vendor PDF Document Catalog Handling Vulnerability

The current PDF specification is affected by a design flaw: a rogue Pages entry or malicious catalog dictionary could cause a denial of service (memory corruption condition, memory leakage, etc.) or, potentially, arbitrary code execution in the reader application.
Further information:
One of those nice issues you "can't" find with so-called fuzzing, but instead by reading the format specification...