Description: CVE-2017-6840 and CVE-2017-6842 and CVE-2017-6843
Acked-By: Mattia Rizzolo <mattia@debian.org>
Last-UpdatE: 2017-05-17
Origin: https://sourceforge.net/p/podofo/code/1844
Origin: https://sourceforge.net/p/podofo/code/1845
Bug-Debian: https://bugs.debian.org/861557
Bug-Debian: https://bugs.debian.org/861559
Bug-Debian: https://bugs.debian.org/861560

--- a/tools/podofocolor/colorchanger.cpp
+++ b/tools/podofocolor/colorchanger.cpp
@@ -181,6 +181,13 @@
             int nNumArgs = pInfo->nNumArguments;
             EPdfColorSpace eColorSpace;
 
+            if( pInfo->nNumArguments > 0 && args.size() != static_cast<size_t>( pInfo->nNumArguments ) )
+            {
+                std::ostringstream oss;
+                oss << "Expected " << pInfo->nNumArguments << " argument(s) for keyword '" << pszKeyword << "', but " << args.size() << " given instead.";
+                PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidContentStream, oss.str().c_str() );
+            }
+
             switch( pInfo->eKeywordType )
             {
                 case eKeyword_GraphicsStack_Push: