Headline
CVE-2022-37050: SIGABRT at poppler/Object.h:435 (#1274) · Issues · poppler / poppler · GitLab
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
Hi, we found a bug in the latest version of poppler (commit b9643712); the bug causes the program to crash with the following backtrace.
To reproduce it, run pdfseparate poc 1.pdf
(gdb) bt
#0 0x00007ffff72467bb in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff7231535 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff7bee76f in Object::getDict (this=<optimized out>)
    at /home/users/chluo/poppler/poppler/Object.h:435
#3 PDFDoc::savePageAs (this=0x466e10, name=..., pageNo=1)
    at /home/users/chluo/poppler/poppler/PDFDoc.cc:889
#4 0x0000000000408659 in extractPages (srcFileName=<optimized out>,
    destFileName=0x7fffffffe6eb "./1.pdf")
    at /home/users/chluo/poppler/utils/pdfseparate.cc:123
#5 main (argc=<optimized out>, argv=<optimized out>)
    at /home/users/chluo/poppler/utils/pdfseparate.cc:156
sep.zip
Seems that this bug is related to #706 (closed). 7b4e372d partially fixes #706 (closed) yet it is incomplete.
Edited Jul 27, 2022 by
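The failure mode in the backtrace above, a typed accessor that aborts when the object the caller took for the catalog is not a dictionary, can be modeled in a few lines. This is an added example, not poppler's source or its patch: `Object`, `XRef`, `savePageUnchecked` and `savePageChecked` are simplified stand-ins, the sample objects are constructed, and it assumes the abort is the accessor's type check firing on a non-dictionary catalog.

```cpp
// Simplified model (not poppler source): a typed accessor that aborts on a
// type mismatch, and a caller that does or does not validate the type first.
#include <cstdio>
#include <cstdlib>
#include <map>
#include <string>
#include <vector>
enum class ObjType { Null, Int, Dict };
using Dict = std::map<std::string, int>;
struct Object {
    ObjType type = ObjType::Null;
    Dict dict;
    bool isDict() const { return type == ObjType::Dict; }
    const Dict &getDict() const {
        if (type != ObjType::Dict) std::abort();  // SIGABRT, as in frame #2
        return dict;
    }
};
// Hypothetical xref table; a crafted file decides what each entry resolves to.
struct XRef {
    std::vector<Object> objs;
    Object fetch(size_t num) const { return num < objs.size() ? objs[num] : Object{}; }
};
enum SaveResult { saveOk = 0, saveErrBadCatalog = 1 };

// "Before": trusts that the catalog is a dictionary and aborts when it is not.
SaveResult savePageUnchecked(const XRef &xref, size_t catalogNum) {
    Object cat = xref.fetch(catalogNum);
    return cat.getDict().count("Pages") ? saveOk : saveErrBadCatalog;
}

// Hardened: check the type before the typed accessor and return an error.
SaveResult savePageChecked(const XRef &xref, size_t catalogNum) {
    Object cat = xref.fetch(catalogNum);
    if (!cat.isDict()) return saveErrBadCatalog;
    return cat.getDict().count("Pages") ? saveOk : saveErrBadCatalog;
}

// Constructed inputs: object 1 is a valid catalog, object 2 is an integer.
XRef sampleXRef() {
    Object good; good.type = ObjType::Dict; good.dict["Pages"] = 3;
    Object bad;  bad.type = ObjType::Int;
    return XRef{{Object{}, good, bad}};
}
int main() {
    XRef x = sampleXRef();
    std::printf("%d %d %d\n", savePageChecked(x, 1), savePageChecked(x, 2), savePageChecked(x, 99));
    return 0;  // savePageUnchecked(x, 2) would instead die with SIGABRT
}
```

For a library that parses untrusted files, the checked form turns a process-wide abort into an error the caller can handle per document.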
Related news
Ubuntu Security Notice 6508-1 - It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service.