Wed, Jun 24 2009 4:53
Two Security Vulnerabilities Fixed in Foxit Reader 3.0 and JPEG2000/JBIG2 Decoder
Here is detailed information about the vulnerabilities:
a problem related to negative stream offset (in malicious JPEG2000
stream) which caused reading data from an out-of-bound address. We have
added guard codes to solve this issue.
- Fixed a
problem related to error handling when decoding JPEG2000 header, an
uncaught fatal error resulted a subsequent invalid address access. We
added error handling code to terminate the decoding process.
Filed under: News