Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-36561: segmemtation fault at xpdf-4.04/xpdf/AcroForm.cc:538 - forum.xpdfreader.com

XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.

CVE
#pdf

ycdxsb

Posts: 2

Joined: Wed Jul 13, 2022 2:09 am

segmemtation fault at xpdf-4.04/xpdf/AcroForm.cc:538

version:4.04
reproduce: pdftotext poc.pdf

Code: Select all

pwndbg> bt
#0  0x000055555561d7c9 in gAtomicIncrement (counter=<error reading variable: Cannot access memory at address 0x7fffff7feff0>) at /root/xpdf-4.04/goo/GMutex.h:67
#1  0x000055555561d832 in Dict::incRef (this=0x5555557d1960) at /root/xpdf-4.04/xpdf/Dict.h:40
#2  0x000055555568a4d5 in Object::copy (this=0x5555557b7bc8, obj=0x7fffff7ff1b0) at /root/xpdf-4.04/xpdf/Object.cc:93
#3  0x00005555556b2f47 in XRef::fetch (this=0x5555557b74e0, num=233, gen=0, obj=0x7fffff7ff1b0, recursion=0) at /root/xpdf-4.04/xpdf/XRef.cc:1212
#4  0x000055555568a575 in Object::fetch (this=0x5555557cfaf8, xref=0x5555557b74e0, obj=0x7fffff7ff1b0, recursion=0) at /root/xpdf-4.04/xpdf/Object.cc:116
#5  0x000055555561d6b1 in Dict::lookup (this=0x5555557cebb0, key=0x5555556dd841 "Parent", obj=0x7fffff7ff1b0, recursion=0) at /root/xpdf-4.04/xpdf/Dict.cc:125
#6  0x000055555568b126 in Object::dictLookup (this=0x7fffff7ff1c0, key=0x5555556dd841 "Parent", obj=0x7fffff7ff1b0, recursion=0) at /root/xpdf-4.04/xpdf/Object.h:267
#7  0x00005555555fad06 in AcroForm::scanField (this=0x5555557b6b60, fieldRef=0x7fffff7ff250) at /root/xpdf-4.04/xpdf/AcroForm.cc:538
#8  0x00005555555fad9b in AcroForm::scanField (this=0x5555557b6b60, fieldRef=0x7fffff7ff2d0) at /root/xpdf-4.04/xpdf/AcroForm.cc:548
#9  0x00005555555fad9b in AcroForm::scanField (this=0x5555557b6b60, fieldRef=0x7fffff7ff350) at /root/xpdf-4.04/xpdf/AcroForm.cc:548
#10 0x00005555555fad9b in AcroForm::scanField (this=0x5555557b6b60, fieldRef=0x7fffff7ff3d0) at /root/xpdf-4.04/xpdf/AcroForm.cc:548
#11 0x00005555555fad9b in AcroForm::scanField (this=0x5555557b6b60, fieldRef=0x7fffff7ff450) at /root/xpdf-4.04/xpdf/AcroForm.cc:548
#12 0x00005555555fad9b in AcroForm::scanField (this=0x5555557b6b60, fieldRef=0x7fffff7ff4d0) at /root/xpdf-4.04/xpdf/AcroForm.cc:548
#13 0x00005555555fad9b in AcroForm::scanField (this=0x5555557b6b60, fieldRef=0x7fffff7ff550) at /root/xpdf-4.04/xpdf/AcroForm.cc:548
#14 0x00005555555fad9b in AcroForm::scanField (this=0x5555557b6b60, fieldRef=0x7fffff7ff5d0) at /root/xpdf-4.04/xpdf/AcroForm.cc:548

Attachments

poc.pdf.zip

(30.31 KiB) Downloaded 44 times

Related news

Gentoo Linux Security Advisory 202409-25

Gentoo Linux Security Advisory 202409-25 - Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907