Headline

CVE-2021-36493: Stack overflow bugs in pdfimages of xpdf 4.03

Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.
1 year ago
CVE
Open in Source
#vulnerability #pdf #buffer_overflow
janice
Posts: 5
Joined: Fri Jun 18, 2021 7:04 am
Stack overflow bugs in pdfimages of xpdf 4.03
Hi,
Xpdf 4.03 still causes the stack overflow bugs. I tested pdfimages and found 9 crashes reported by AddressSanitizer.
The command I used is $/xpdf-4.03/xpdf/pdfimages $POC /dev/null, and the POC files and ASAN output files have been uploaded to the attachment.
Thanks for the fix and development.
Take the output of POC_0 as an example.
Code: Select all
Syntax Error: Couldn't read xref table
Syntax Warning: PDF file is damaged - attempting to reconstruct xref table...
Syntax Error (325): Illegal character ')'
Syntax Error (3715): Dictionary key must be a name object
Syntax Error (3723): Unknown filter ''
Syntax Error (10040): Dictionary key must be a name object
Syntax Error (10041): Dictionary key must be a name object
Syntax Error (10052): Dictionary key must be a name object
Syntax Error (11249): Dictionary key must be a name object
Syntax Error (12404): Dictionary key must be a name object
Syntax Error (12405): Illegal character ')'
Syntax Error (12405): Dictionary key must be a name object
Syntax Error (12414): Dictionary key must be a name object
Syntax Error (12438): Dictionary key must be a name object
Syntax Error (12086): Command token too long
Syntax Error (12404): Dictionary key must be a name object
Syntax Error (12405): Illegal character ')'
Syntax Error (12405): Dictionary key must be a name object
Syntax Error (12414): Dictionary key must be a name object
Syntax Error (12438): Dictionary key must be a name object
Syntax Error (13229): Illegal character '>'
Syntax Error (13230): Illegal character ')'
Syntax Error (13359): Illegal character '>'
Syntax Error (13360): Illegal character ')'
Syntax Error (13381): Illegal character '>'
Syntax Error (13882): Dictionary key must be a name object
Syntax Error (13888): Dictionary key must be a name object
Syntax Error (14012): Dictionary key must be a name object
Syntax Error (14014): Dictionary key must be a name object
Syntax Error (14018): Dictionary key must be a name object
Syntax Error: Dictionary key must be a name object
Syntax Error: End of file inside dictionary
Syntax Error: End of file inside array
Syntax Error: End of file inside array
Syntax Error: End of file inside array
Syntax Error: End of file inside array
Syntax Error: End of file inside dictionary
Syntax Error (218): Dictionary key must be a name object
Syntax Error (220): Dictionary key must be a name object
Syntax Error (222): Dictionary key must be a name object
Syntax Error (225): Dictionary key must be a name object
AddressSanitizer:DEADLYSIGNAL
=================================================================
==6299==ERROR: AddressSanitizer: stack-overflow on address 0x7fffff7fef88 (pc 0x0000004c9349 bp 0x7fffff7ff7d0 sp 0x7fffff7fef90 T0)
    #0 0x4c9348 in __asan_memcpy /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:22:3
    #1 0x744119 in XRef::fetch(int, int, Object*, int) /xpdf-4.03/xpdf/XRef.cc:1180:11
    #2 0x6c69d2 in Object::fetch(XRef*, Object*, int) /xpdf-4.03/xpdf/Object.cc:116:16
    #3 0x52c1f3 in Array::get(int, Object*, int) /xpdf-4.03/xpdf/Array.cc:62:19
    #4 0x51b0d6 in Object::arrayGet(int, Object*, int) /xpdf-4.03/xpdf/Object.h:243:19
    #5 0x532744 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:566:12
    #6 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #7 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #8 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #9 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #10 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #11 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #12 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #13 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #14 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #15 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #16 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #17 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #18 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #19 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #20 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #21 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #22 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #23 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #24 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #25 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #26 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #27 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #28 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #29 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #30 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #31 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #32 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #33 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #34 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #35 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #36 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #37 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #38 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #39 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #40 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #41 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #42 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #43 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #44 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #45 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #46 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #47 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #48 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #49 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #50 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #51 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #52 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #53 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #54 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #55 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #56 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #57 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #58 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #59 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #60 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #61 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #62 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #63 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #64 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #65 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #66 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #67 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #68 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #69 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #70 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #71 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #72 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #73 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #74 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #75 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #76 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #77 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #78 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #79 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #80 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #81 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #82 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #83 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #84 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #85 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #86 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #87 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #88 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #89 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #90 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #91 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #92 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #93 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #94 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #95 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #96 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #97 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #98 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #99 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #100 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #101 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #102 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #103 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #104 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #105 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #106 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #107 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #108 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #109 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #110 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #111 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #112 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #113 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #114 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #115 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #116 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #117 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #118 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #119 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #120 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #121 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #122 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #123 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #124 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #125 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #126 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #127 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #128 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #129 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #130 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #131 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #132 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #133 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #134 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #135 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #136 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #137 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #138 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #139 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #140 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #141 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #142 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #143 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #144 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #145 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #146 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #147 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #148 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #149 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #150 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #151 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #152 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #153 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #154 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #155 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #156 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #157 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #158 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #159 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #160 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #161 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #162 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #163 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #164 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #165 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #166 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #167 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #168 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #169 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #170 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #171 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #172 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #173 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #174 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #175 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #176 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #177 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #178 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #179 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #180 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #181 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #182 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #183 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #184 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #185 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #186 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #187 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #188 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #189 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #190 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #191 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #192 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #193 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #194 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #195 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #196 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #197 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #198 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #199 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #200 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #201 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #202 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #203 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #204 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #205 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #206 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #207 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #208 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #209 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #210 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #211 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #212 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #213 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #214 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #215 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #216 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #217 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #218 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #219 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #220 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #221 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #222 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #223 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #224 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #225 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #226 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #227 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #228 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #229 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #230 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #231 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #232 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #233 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #234 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #235 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #236 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #237 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #238 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #239 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #240 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #241 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #242 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #243 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #244 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #245 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #246 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #247 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12
    #248 0x532755 in Catalog::countPageTree(Object*) /xpdf-4.03/xpdf/Catalog.cc:567:12

SUMMARY: AddressSanitizer: stack-overflow /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:22:3 in __asan_memcpy
==6299==ABORTING
Attachments
POC.zip
(42.13 KiB) Downloaded 230 times
asan.zip
(20.36 KiB) Downloaded 195 times
Last edited by janice on Mon Jun 28, 2021 8:51 am, edited 1 time in total.
derekn
Posts: 859
Joined: Wed Apr 05, 2017 6:57 pm
Re: Stack overflow bugs in pdfimages of xpdf 4.03
Post by derekn » Fri Jun 18, 2021 9:47 pm
This kind of stack overflow is due to loops in the PDF object structure. It’s a known problem in Xpdf 4.x (and earlier). Xpdf 4 includes checks for some specific loops, but it doesn’t catch all of them. I’m working on a more robust loop detector for Xpdf 5.
CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago