From aa3662559e66690c98bded8ebac48506dcb7bd8b Mon Sep 17 00:00:00 2001 From: Balint Reczey <balint@balintreczey.hu> Date: Thu, 5 Jan 2017 15:51:11 +0100 Subject: [PATCH 7/8] Parse Protect tag's Password as string Fixes CVE-2016-9827. Fixes: #59 --- util/parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/util/parser.c +++ b/util/parser.c @@ -2750,7 +2750,7 @@ PAR_BEGIN (SWF_PROTECT); if( length != 0 ) { - parserrec->Password = readBytes (f, length); + parserrec->Password = readString (f); } else { parserrec->Password = NULL; }