CVE-2022-38349: SIGABRT at poppler/PDFDoc.cc:1755 (#1282) · Issues · poppler / poppler · GitLab
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h that leads to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
Hi, we found a bug in poppler/PDFDoc.cc:1755. When the bug is triggered, the program crashes with the following backtrace.
To reproduce, run pdfunite t.pdf poc 2.pdf
(gdb) bt
#0 0x00007ffff745f8c1 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff7449546 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff7a5eb18 in Object::getDict (this=0x7fffffffe0c8)
at /home/users/chluo/pop/poppler/Object.h:435
#3 PDFDoc::replacePageDict (this=0x5555555bb430, pageNo=<optimized out>,
rotate=90, mediaBox=0x5555555e3b50, cropBox=0x5555555e3b70)
at /home/users/chluo/pop/poppler/PDFDoc.cc:1755
#4 0x000055555555c9fa in main (argc=<optimized out>, argv=<optimized out>)
at /home/users/chluo/pop/utils/pdfunite.cc:290
The bug is relevant to #706 (closed) and #1276 (closed).
Related news
Ubuntu Security Notice 6508-1 - It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.