
#25 podofo 0.9.6 infinite recursion in PdfOutlineItem::PdfOutlineItem in PdfOutlines.cpp

SVN TRUNK
accepted
2021-10-26
2018-07-28
r4xis
No

PoC: https://bugzilla.redhat.com/show_bug.cgi?id=1607186

There is a stack overflow in the PoDoFo::PdfOutlineItem::PdfOutlineItem function of PdfOutlines.cpp:82. Remote attackers can cause a denial of service (infinite recursion and application crash) via a crafted PDF file.

Discussion

  • Matthew Brincke

    Matthew Brincke - 2018-11-26
    • status: open --> pending
    • assigned_to: Matthew Brincke
     
  • Matthew Brincke

    Matthew Brincke - 2018-11-26

    I'll fix this after I've extracted PdfRecursionGuard to its own file, then use that for this fix.

     
  • Matthew Brincke

    Matthew Brincke - 2021-02-28
    • labels: security --> security, recursion-guard-missing, crash
    • status: pending --> accepted
     
  • Matthew Brincke

    Matthew Brincke - 2021-02-28

    As "pending" in issues with me as owner means I have done my part in fixing them, this isn't yet in that state because I could fix it with PdfRecursionGuard likely alright (but have decided to prioritize other issues). I think I'm going to fix it at some time in the future (if nobody does it before), so I'm setting this to "accepted" now and retain the owner set to me.

     
  • Christopher Creutzig

    As proposed, moved PdfRecursionGuard to broader visibility (we could argue about the right header for it, but that can be changed) and used it in PdfOutlineItem. This also fixes #48 (where I started, hence the patch's file name).
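
The approach discussed in this thread, as an added sketch that is not PoDoFo's code and not the attached patch: a recursive outline constructor protected by an RAII depth guard. `RecursionGuard`, `OutlineDict`, `ObjectTable`, `parse_outlines` and the limit of 256 are hypothetical names and values chosen for illustration.

```cpp
#include <iostream>
#include <map>
#include <memory>
#include <stdexcept>

// Constructed stand-in for a PDF object table: object id -> outline dictionary
// with /First (first child) and /Next (next sibling) references; 0 means absent.
struct OutlineDict { int first; int next; };
typedef std::map<int, OutlineDict> ObjectTable;
const int kMaxDepth = 256;  // assumed limit, not a PoDoFo constant

// Hypothetical RAII depth guard (a sketch, not PoDoFo's PdfRecursionGuard).
class RecursionGuard {
public:
    explicit RecursionGuard(int& depth) : depth_(depth) {
        if (depth_ >= kMaxDepth) throw std::runtime_error("outline recursion limit exceeded");
        ++depth_;
    }
    ~RecursionGuard() { --depth_; }  // runs on normal return and on unwinding
    RecursionGuard(const RecursionGuard&) = delete;
private:
    int& depth_;
};

// The constructor recurses into /First and /Next, so a dictionary that
// references itself or an ancestor would otherwise never terminate.
struct OutlineItem {
    std::unique_ptr<OutlineItem> first, next;
    OutlineItem(const ObjectTable& objs, int id, int& depth) {
        RecursionGuard guard(depth);  // throws before the stack is exhausted
        const OutlineDict& d = objs.at(id);
        if (d.first) first.reset(new OutlineItem(objs, d.first, depth));
        if (d.next) next.reset(new OutlineItem(objs, d.next, depth));
    }
    int count() const { return 1 + (first ? first->count() : 0) + (next ? next->count() : 0); }
};

// Returns the number of outline items, or -1 if the document was rejected
// (recursion limit hit, or a reference to an object that does not exist).
int parse_outlines(const ObjectTable& objs, int root) {
    int depth = 0;
    try { return OutlineItem(objs, root, depth).count(); }
    catch (const std::exception&) { return -1; }
}

int main() {
    ObjectTable cyclic;
    cyclic[1] = OutlineDict{0, 1};  // constructed input: /Next points at itself
    std::cout << parse_outlines(cyclic, 1) << "\n";
}
```

Because siblings are reached by recursing through /Next, the depth limit in this sketch also caps the number of siblings on one level.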

     