#23 CVE-2018-12983 - stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey()

SVN TRUNK
closed
nobody
security (37)
2021-08-18
2018-07-09
No

https://security-tracker.debian.org/tracker/CVE-2018-12983
PoC: https://bugzilla.redhat.com/show_bug.cgi?id=1595693

There exists one stack-based buffer overflow in PdfEncryptMD5Base::ComputeEncryptionKey() in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 (the latest stable version). Remote attackers could leverage the two vulnerabilities to cause a denial-of-service or potentially remote code execution via a crafted PDF file.

Discussion

  • Matthew Brincke

    Matthew Brincke - 2018-07-09

    I propose the attached patch although I'm no expert in encryption, so could someone who is please test?

     
  • zyx

    zyx - 2020-05-22

    I'm not an expert either, but if the patch fixes the problem above and you can open encrypted messages created by the previous version of PoDoFo, and the unit tests pass as well, then you can commit it. The change doesn't look like it would really break anything, unless the calculation is incorrect, which the suggested tests will verify.

     
  • zyx

    zyx - 2021-08-18

    I gave this patch a try and it does fix the problem. I did not notice any regression, thus I committed it as r2037. Thank you.

     
  • zyx

    zyx - 2021-08-18
    • status: open --> closed