CVE-2018-20650: a reachable abort in FileSpec::FileSpec in FileSpec.cc (#704) · Issues · poppler / poppler · GitLab

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.


Version: latest compiled version from git repo

Command: pdfdetach -save 1 abort2.pdf

Backtrace:

Internal Error (0): Call to Object where the object was type 3, not the expected type 7

Breakpoint 2, __GI_abort () at abort.c:51
51      abort.c: No such file or directory.
(gdb) bt
#0  __GI_abort () at abort.c:51
#1  0x0814e543 in Object::dictLookup (key=0x8611060 "Desc", this=0xf3f02854, this=0xf3f02854, recursion=0) at /work/poppler/poppler/Object.h:369
#2  0x0814fab2 in FileSpec::FileSpec (this=0xf3f02850, fileSpecA=0xf5b06ef4) at /work/poppler/poppler/FileSpec.cc:138
#3  0x08115ac4 in main (argc=2, argv=0xffffd7a4) at /work/poppler/utils/pdfdetach.cc:180
(gdb) list FileSpec.cc:138
133             return;
134           }
135         }
136       }
137
138       obj1 = fileSpec.dictLookup("Desc");
139       if (obj1.isString())
140         desc = obj1.getString()->copy();
141     }
142

The pdf file is attached here. reachabort2.pdf
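The failure mode in the report, sketched as an added example (not poppler's code and not the project's fix): a checked accessor that aborts on a type mismatch turns a missing isDict() test in the caller into a denial of service. ToyObject, descUnchecked and descChecked are hypothetical names, and the type tags are constructed to match the numbers in the error message above.

```cpp
#include <cstdio>
#include <cstdlib>
#include <map>
#include <string>
// Toy stand-in for a tagged PDF object; this is not poppler's Object class.
// Tags are constructed so string = 3 and dict = 7, as in the quoted error.
enum ToyType { toyString = 3, toyNull = 5, toyDict = 7 };

struct ToyObject {
    ToyType type = toyNull;
    std::string str;                           // payload when type == toyString
    std::map<std::string, std::string> dict;   // payload when type == toyDict

    bool isDict() const { return type == toyDict; }
    bool isString() const { return type == toyString; }

    // Checked accessor: a type mismatch is fatal, as in frames #1 and #0.
    ToyObject dictLookup(const std::string &key) const {
        if (type != toyDict) {
            std::fprintf(stderr, "object was type %d, not the expected type %d\n",
                         static_cast<int>(type), static_cast<int>(toyDict));
            std::abort();
        }
        ToyObject out;                         // null when the key is absent
        auto it = dict.find(key);
        if (it != dict.end()) { out.type = toyString; out.str = it->second; }
        return out;
    }
};

// Unguarded pattern from the listing: only safe when the caller has already
// established that fileSpec is a dictionary.
bool descUnchecked(const ToyObject &fileSpec, std::string &desc) {
    ToyObject obj1 = fileSpec.dictLookup("Desc");
    if (!obj1.isString()) return false;
    desc = obj1.str;
    return true;
}

// Guarded pattern: a non-dictionary file spec yields "no description".
bool descChecked(const ToyObject &fileSpec, std::string &desc) {
    return fileSpec.isDict() && descUnchecked(fileSpec, desc);
}

int main() {
    ToyObject notADict; notADict.type = toyString;
    std::string desc;
    return descChecked(notADict, desc) ? 1 : 0;   // exits 0: rejected, no abort
}
```

Passing the same string-typed object to descUnchecked terminates the process, which is the behaviour the backtrace records.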
