Headline
CVE-2018-19058: A reachable abort() at Object.h:403 (#659) · Issues · poppler / poppler · GitLab
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
pdfdetch****desciption
funtion abort() in library, will lead to denial of service.
version
The latest stable release poppler-0.71.0, released on Oct 31, 2018
others
this bug is reported by pwd@360TeamSeri0us, please send email to [email protected] if you have any questions.
a reachable abort at Object.h:403****Test Target
$ ./pdfdetch --save 1 poc
Internal Error (0): Call to Object where the object was type 7, not the expected type 8
Aborted (core dumped)
debug info
#define OBJECT_TYPE_CHECK(wanted_type) \
if (unlikely(type != wanted_type)) { \
error(errInternal, 0, "Call to Object where the object was type {0:d}, " \
"not the expected type {1:d}", type, wanted_type); \
abort(); \
}
abort_Object.h_403