CVE-2022-27337: Logic error in function Hints::Hints (#1230) · Issues · poppler / poppler

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

A logic error in function Hints::Hints (poppler/Hints.cc) was found with fuzzing.

There is a check after the memory allocation that sets nPages to zero if it failed:

if (!nObjects || !pageObjectNum || !xRefOffset || !pageLength || !pageOffset || !numSharedObject || !sharedObjectId) {
    error(errSyntaxWarning, -1, "Failed to allocate memory for hints table");
    nPages = 0;
}

But at the end of the function, there is a direct call to function readTables WITHOUT a check of nPages.

I believe it should be changed to:

if (nPages != 0) {
    readTables(str, linearization, xref, secHdlr);
}

Otherwise, with the attached poc.pdf, the program pdftops will hang for a very long time (days), which could be a DoS.

pdftops poc.pdf

Edited Mar 15, 2022 by
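
The control flow described in the report, reduced to a self-contained C++ model (an added example, not Poppler's code and not part of the original issue). Only `nPages` and `readTables` come from the report; `HintsModel`, `allocChecked`, `parseCost`, the allocation cap and the assumption that the cost of `readTables` is set by the file rather than by `nPages` are constructed for illustration.

```cpp
// Simplified model of the reported control flow. Not Poppler source code.
#include <cstdint>
#include <cstdio>
#include <cstdlib>
// Constructed cap so an oversized request fails without exhausting memory.
static const std::uint64_t kMaxAllocBytes = 1u << 20;

// Hypothetical stand-in for an allocator that returns nullptr on failure.
static void *allocChecked(std::uint64_t count, std::uint64_t size) {
    if (count == 0 || count > kMaxAllocBytes / size) return nullptr;
    return std::calloc(static_cast<std::size_t>(count), static_cast<std::size_t>(size));
}

struct HintsModel {
    std::uint64_t nPages;
    std::uint64_t workDone = 0;      // parsing steps readTables performed
    unsigned *pageLength = nullptr;
    HintsModel(std::uint64_t declaredPages, std::uint64_t streamItems, bool guarded)
        : nPages(declaredPages) {
        pageLength = static_cast<unsigned *>(allocChecked(nPages, sizeof(unsigned)));
        if (!pageLength) {
            nPages = 0;              // failure is recorded only in nPages
        }
        // guarded == false: call readTables unconditionally (reported behaviour).
        // guarded == true: the check proposed in the report.
        if (!guarded || nPages != 0) {
            readTables(streamItems);
        }
    }
    ~HintsModel() { std::free(pageLength); }

    // ASSUMPTION of this model: the parsing cost is set by the file
    // (streamItems), so zeroing nPages alone does not stop the work.
    void readTables(std::uint64_t streamItems) {
        for (std::uint64_t i = 0; i < streamItems; ++i) ++workDone;
    }
};

// Returns how many parsing steps ran for the given (constructed) input.
std::uint64_t parseCost(std::uint64_t declaredPages, std::uint64_t streamItems, bool guarded) {
    HintsModel h(declaredPages, streamItems, guarded);
    return h.workDone;
}

int main() {
    std::printf("unguarded: %llu steps\n", (unsigned long long)parseCost(1ULL << 40, 1000, false));
    std::printf("guarded:   %llu steps\n", (unsigned long long)parseCost(1ULL << 40, 1000, true));
    return 0;
}
```

In the model, a failed allocation still leads to the full parsing cost when the call is unguarded, while the guarded form does no work; inputs whose allocation succeeds behave the same either way.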
