CVE-2022-27337: Logic error in function Hints::Hints (#1230) · Issues · poppler / poppler · GitLab
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
A logic error in function Hints::Hints (poppler/Hints.cc) was found with fuzzing.
There is a check after the memory allocation that sets nPages to zero if it failed:
if (!nObjects || !pageObjectNum || !xRefOffset || !pageLength || !pageOffset || !numSharedObject || !sharedObjectId) {
    error(errSyntaxWarning, -1, "Failed to allocate memory for hints table");
    nPages = 0;
}
But at the end of the function, there is a direct call to the function readTables WITHOUT a check of nPages.
I believe it should be changed to:
if (nPages != 0) {
    readTables(str, linearization, xref, secHdlr);
}
Otherwise, with the attached poc.pdf, the program pdftops will hang for a very long time (days), which could be a DoS.
pdftops poc.pdf
Edited Mar 15, 2022 by
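One way to keep a hang like the one reported above from tying up a service that converts untrusted PDFs, as an added example that is not part of the issue or of the Poppler project: run the converter under a wall-clock and a CPU limit and classify how it ended. The function names run_bounded and classify and the limits in the usage comment are assumptions made for this example, and timeout(1) is assumed to be installed.

```bash
#!/bin/sh
# Added example; run_bounded and classify are names made up here.

# run_bounded WALL_SECONDS CPU_SECONDS COMMAND [ARGS...]
# Runs COMMAND with a CPU-time rlimit and a wall-clock timeout, so a parser
# that never returns is stopped instead of occupying a worker for days.
# Exit status: COMMAND's own status, 124 if the wall-clock limit fired
# (timeout(1) convention), or 128+signal if a signal ended the command.
# The body is a subshell, so the limits never leak into the caller.
run_bounded() (
    wall=$1
    cpu=$2
    shift 2
    ulimit -t "$cpu"                  # CPU seconds: stops busy loops
    ulimit -c 0                       # no core dumps from hostile input
    exec timeout -k 2 "$wall" "$@"    # TERM at $wall, KILL 2 s later
)

# classify STATUS: map an exit status to ok | hang | killed | error
classify() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif [ "$1" -eq 124 ]; then
        echo hang
    elif [ "$1" -gt 128 ]; then
        echo killed    # CPU limit, KILL after the grace period, or a crash
    else
        echo error
    fi
}

# Usage on an untrusted file, with constructed limits of 30 s wall / 20 s CPU:
#   run_bounded 30 20 pdftops poc.pdf; classify $?
```

A "hang" or "killed" result is worth logging together with the input file's hash, since it marks a document that should be quarantined and retested after the Poppler update is installed.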
Related news
Ubuntu Security Notice 6273-1 - Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.
An update for poppler is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27337: poppler: A logic error in the Hints::Hints function can cause denial of service
An update for poppler is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27337: poppler: A logic error in the Hints::Hints function can cause denial of service