CVE-2021-37819: bug fix: infinite loop caused by pdf object of a kid pointing to kid's parent (!21)
PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java.
Merged: requested to merge taewookim7646/pdftk:bug-fix into master, Jul 29, 2021
System environment
- Ubuntu 16.04 LTS
- openjdk version "11.0.11" 2021-04-20
- OpenJDK Runtime Environment (build 11.0.11+9-Ubuntu-0ubuntu2.18.04)
- OpenJDK 64-Bit Server VM (build 11.0.11+9-Ubuntu-0ubuntu2.18.04, mixed mode)
- Gradle 7.0.1
- pdftk version 71fb58a8
Execution (crafted file pdftk_PoC.zipzip)
$ ./pdftk-2.02-dist/pdftk/pdftk ./CVE-2007-0103_AcrobatReader output tmpf/tmp
- The input file is retrieved from the CVE-2007-0103 PoC file. I also included another file partially mutated from the PoC file.
An infinite loop occurs due to the object id pointing to itself. It occurs due to the kid object pointing to the parent object id.
I’ve developed a patch.
Please check and confirm the patch code.
Edited Jul 29, 2021 by Taewoo Kim
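
The failure mode described above (a kid whose object id refers back to its parent, so the walk never ends) and one way to guard a traversal against it, as an added Java example that is not the merge request's patch and not pdftk-java code. The page tree is modelled as a hypothetical map from object number to the object numbers in its /Kids array; `PageTreeWalk`, `collectPages` and the sample trees are constructed for illustration.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration: a simplified model of a PDF page tree, not pdftk-java's PdfReader.
public class PageTreeWalk {

    // kids: object number -> object numbers in its /Kids array (hypothetical model).
    // An object with no entry is treated as a leaf page.
    static List<Integer> collectPages(Map<Integer, List<Integer>> kids, int root) {
        List<Integer> pages = new ArrayList<>();
        Set<Integer> seen = new HashSet<>();        // every object already expanded
        Deque<Integer> stack = new ArrayDeque<>();  // explicit stack: deep trees cannot overflow the call stack
        stack.push(root);
        while (!stack.isEmpty()) {
            int obj = stack.pop();
            // In a well-formed page tree each node has exactly one parent, so reaching
            // an object twice means a kid points at itself, at an ancestor, or is shared.
            if (!seen.add(obj)) {
                throw new IllegalStateException("page tree object " + obj + " reached twice");
            }
            List<Integer> children = kids.get(obj);
            if (children == null) {
                pages.add(obj);
                continue;
            }
            // Push in reverse so pages come out in document order.
            for (int i = children.size() - 1; i >= 0; i--) {
                stack.push(children.get(i));
            }
        }
        return pages;
    }

    public static void main(String[] args) {
        // Constructed sample: well-formed tree with leaf pages 2 and 4.
        Map<Integer, List<Integer>> wellFormed = Map.of(1, List.of(2, 3), 3, List.of(4));
        System.out.println("pages: " + collectPages(wellFormed, 1));

        // Constructed sample: kid 3 lists its own parent (object 1) as a kid.
        Map<Integer, List<Integer>> cyclic = Map.of(1, List.of(2, 3), 3, List.of(1));
        try {
            collectPages(cyclic, 1);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the `seen` check, the second sample would expand objects 1 and 3 alternately forever, which is the hang the merge request reports.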