CVE-2023-31555: [podofo-0.10.0] a SIGSEGV error occurs · Issue #67 · podofo/podofo
podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.
When using podofopdfinfo to parse a PDF file, a SIGSEGV error occurs. By debugging with gdb, it was found that the error occurred at line 163 in podofo-0.10.0/src/podofo/main/PdfObject.cpp:
if (m_IsDelayedLoadDone)
When checking the value of m_IsDelayedLoadDone with the “p” command, it was found that the value was 0x31. As a boolean value, it should only be assigned either 0 or 1, but not any other numbers. Previously, PoDoFo::PdfObject::DelayedLoad was also called and executed normally, but calling this function in the getString() function would result in a failure. The specific gdb bt stack trace is as follows.
Command Input
podofopdfinfo poc_file
poc_file is attached.
Environment
- OS: Ubuntu 20.04.1
- clang: 12.0.0
- podofo: 0.10.0
poc_file.zip