Description: CVE-2017-6847 and CVE-2017-6848
Acked-By: Mattia Rizzolo <mattia@debian.org>
Last-Update: 2017-05-17
Origin: https://sourceforge.net/p/podofo/code/1846
Bug-Debian: https://bugs.debian.org/861564
Bug-Debian: https://bugs.debian.org/861565

--- a/src/doc/PdfXObject.cpp
+++ b/src/doc/PdfXObject.cpp
@@ -261,8 +261,10 @@
     
     m_pResources = pObject->GetIndirectKey( "Resources" );
     m_Identifier = PdfName( out.str().c_str() );
-    m_rRect      = PdfRect( this->GetObject()->GetIndirectKey( "BBox" )->GetArray() );
     m_Reference  = this->GetObject()->Reference();
+
+    if( this->GetObject()->GetIndirectKey( "BBox" ) )
+        m_rRect = PdfRect( this->GetObject()->GetIndirectKey( "BBox" )->GetArray() );
 }
 
 void PdfXObject::InitXObject( const PdfRect & rRect, const char* pszPrefix )