© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Yeah, you're right, that should set t2p_error --- and looking through the file, I found a similar oversight in t2p_write_pdf(). These cases do not have any security content though, because AFAICS nothing will crash if pdf_ojpegdata (or pdf_xrefoffsets in the other place) is left null. You might get a bogus additional error message, and/or failure to exit(1) as desired, but no worse.
I've pushed those fixes into upstream CVS, so they will be in the next releases, but I don't think they should be considered part of the CVE issue.