Headline
CVE-2022-33108: There seems to be a stack overflow vulnerability here, can you take a look, source code:Object::copy
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
Post Reply
- Print view
Advanced search
2 posts • Page 1 of 1
H00K1998
Posts: 5
Joined: Sat Jun 04, 2022 8:14 am
There seems to be a stack overflow vulnerability here, can you take a look, source code:Object::copy
- Quote
Post by H00K1998 » Sat Jun 04, 2022 8:24 am
Hello, I seem to encounter a stack overflow vulnerability in the process of fuzz test (afl++), can you take a look
Enjoy:)
Attachments
poc-images.7z
(188.3 KiB) Downloaded 4 times
Top
derekn
Posts: 757
Joined: Wed Apr 05, 2017 6:57 pm
Re: There seems to be a stack overflow vulnerability here, can you take a look, source code:Object::copy
- Quote
Post by derekn » Thu Jun 09, 2022 7:58 pm
That’s due to an object loop in the PDF file. I’m planning to implement a more robust loop checker in Xpdf 5.
Top
Post Reply
- Print view
Display: Sort by: Direction:
2 posts • Page 1 of 1
Return to “Xpdf open source”
Jump to
- XpdfReader
- Xpdf open source
Related news
Gentoo Linux Security Advisory 202409-25 - Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.
Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.