Headline
CVE-2020-23804: Overflow in Xref (#936) · Issues · poppler / poppler · GitLab
Uncontrolled recursion in pdfinfo and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
I find an overflow in XRef, which is caused by a mutually recursive call.
./pdfinfo ./xref.pdf
xref.zip
Related news
Ubuntu Security Notice 6508-1 - It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service.