IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block.  IBM X-Force ID:  251991.

CVE-2023-29255: IBM DB2 for Linux, UNIX and Windows denial of service CVE-2023-29255 Vulnerability Report

Migration Toolkit for Applications 6.1.0 release
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.
* CVE-2022-31690: A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.
* CVE-2022-41966: A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.
* CVE-2022-46364: A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.


Issued:

2023-04-27

Updated:

2023-04-27

**RHSA-2023:2041 - Security Advisory**

*   Overview
*   Updated Images

**Synopsis**

Important: Migration Toolkit for Applications security and bug fix update

**Type/Severity**

Security Advisory: Important

**Topic**

Migration Toolkit for Applications 6.1.0 release  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Migration Toolkit for Applications 6.1.0 Images  

Security Fix(es):  

*   keycloak: path traversal via double URL encoding (CVE-2022-3782)
*   spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
*   xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
*   Apache CXF: SSRF Vulnerability (CVE-2022-46364)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Affected Products**

*   Red Hat Migration Toolkit for Applications 6.0 x86\_64

**Fixes**

*   BZ - 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding
*   BZ - 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability
*   BZ - 2162200 - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client
*   BZ - 2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow
*   MTA-118 - Automated tagging of resources with Windup
*   MTA-279 - All types of Source analysis is failing in MTA 6.1.0
*   MTA-311 - MTA operator fails to reconcile on a clean (non-upgrade) install
*   MTA-314 - PVCs may not provision if storageClassName is not set.
*   MTA-123 - MTA crashes cluster nodes when running bulk binary analysis due to requests and limits not being configurable
*   MTA-129 - User field in Manage Import is empty
*   MTA-160 - \[Upstream\] Maven Repositories "No QueryClient set, use QueryClientProvider to set one"
*   MTA-204 - Every http request made to tagtypes returns HTTP Status 404
*   MTA-256 - Update application import template
*   MTA-260 - \[Regression\] Application import through OOTB import template fails
*   MTA-261 - \[Regression\] UI incorrectly reports target applications have in-progress/complete assessment
*   MTA-263 - \[Regression\] Discard assessment option present even when assessment is not complete
*   MTA-267 - Analysis EAP targets should include eap8
*   MTA-268 - RFE: Automated Tagging details to add on Review analysis details page
*   MTA-28 - Success Alert is not displayed when subsequent analysis are submitted
*   MTA-282 - Discarding review results in 404 error
*   MTA-283 - Sorting broken on Application inventory page
*   MTA-284 - HTML reports download with no files in reports and stats folders
*   MTA-29 - Asterisk on Description while creating a credentials should be removed
*   MTA-297 - \[Custom migration targets\] Cannot upload JPG file as an icon
*   MTA-298 - \[Custom migration targets\] Unclear error when uploading image greater than 1Mb of size
*   MTA-299 - \[RFE\]\[Custom migration targets\] Assign an icon: Add image max size in the note under the image name
*   MTA-300 - \[Custom rules\] Cannot upload more than one rules file
*   MTA-303 - \[UI\]\[Custom migration targets\] The word "Please" should be removed from the error message about existing custom target name
*   MTA-304 - \[Custom rules\] Failed analysis when retrieving custom rules files from a repository
*   MTA-306 - MTA allows the uploading of multiple binaries for analysis
*   MTA-330 - With auth disabled, 'username' seen in the persona dropdown
*   MTA-332 - Tagging: Few Tags are highlighted with color
*   MTA-34 - Cannot filter by Business Service when copying assessments
*   MTA-345 - \[Custom migration targets\] Error message "imageID must be defined" is displayed when uploading image
*   MTA-35 - Only the first notification is displayed when discarding multiple copied assessments
*   MTA-350 - Maven Central links from the dependencies tab in reports seem to be broken
*   MTA-351 - AspectJ is not identified as an Open Source Library
*   MTA-356 - The inventory view has to be refreshed for the tags that were assigned by an analysis to appear
*   MTA-363 - \[UI\]\[Custom migration targets\] "Repository type" field name is missing
*   MTA-364 - \[Custom migration targets\] Unknown image file when editing a custom migration target
*   MTA-366 - Tagging: For no tags attached "filter by" can be improved
*   MTA-367 - \[Custom migration targets\] Cannot use a custom migration target in analysis
*   MTA-369 - Custom migration targets: HTML elements are duplicated
*   MTA-375 - Run button does not execute the analysis
*   MTA-377 - \[UI\]\[Custom rules\] Custom rules screen of the analysis configuration wizard is always marked as required
*   MTA-378 - \[UI\]\[Custom rules\] Info message on the Custom rules screen is not updated
*   MTA-38 - Only the first notification is displayed when multiple files are imported.
*   MTA-381 - Custom Rules: When try to update Add rules the Error alert is displayed
*   MTA-382 - Custom Rules: Sometimes able to upload duplicate rules files
*   MTA-388 - CSV reports download empty when enabling the option after an analysis
*   MTA-389 - \[Custom rules in Analysis\] Failed analysis when retrieving custom rules files from a private repository
*   MTA-391 - \[Custom rules in Analysis\] Targets from uploaded rules file are not removed once the file is removed
*   MTA-392 - Unable to see all custom migration targets when using a vertical monitor
*   MTA-41 - \[UI\] Failed to refresh token if Keycloak feature "Use Refresh Tokens" is off
*   MTA-412 - Display alert message before reviewing an already reviewed application
*   MTA-428 - \[Custom Rules\] MTA analysis custom rules conflict message
*   MTA-430 - Analysis wizard: Next button should be enabled only after at least one target is selected
*   MTA-438 - Tagging: Retrieving tags needs a loading indicator
*   MTA-439 - \[Regression\]\[Custom rules\] Failed to run analysis with custom rules from a repository
*   MTA-443 - Custom rules: Add button can be disabled until duplicate rule file is removed
*   MTA-50 - RFE: Replace the MTA acronym in the title with "Migration Toolkit for Applications"
*   MTA-51 - RFE: " Select the list of packages to be analyzed manually" to modify the title
*   MTA-52 - \[RFE\] We can change "Not associated artifact" to "No associated artifact"
*   MTA-55 - Can't choose a custom rule via a file explorer(mac OS finder) in Tackle 2.0
*   MTA-99 - Unable to use root path during checking for maven dependencies
*   MTA-78 - CVE-2022-46364 org.keycloak-keycloak-parent: Apache CXF: SSRF Vulnerability \[mta-6.0\]

**CVEs**

*   CVE-2021-4235
*   CVE-2022-1705
*   CVE-2022-2879
*   CVE-2022-2880
*   CVE-2022-2995
*   CVE-2022-3162
*   CVE-2022-3172
*   CVE-2022-3259
*   CVE-2022-3466
*   CVE-2022-3782
*   CVE-2022-4304
*   CVE-2022-4450
*   CVE-2022-27664
*   CVE-2022-30631
*   CVE-2022-31690
*   CVE-2022-32148
*   CVE-2022-32189
*   CVE-2022-32190
*   CVE-2022-41715
*   CVE-2022-41966
*   CVE-2022-46364
*   CVE-2023-0215
*   CVE-2023-0286
*   CVE-2023-0361
*   CVE-2023-0767
*   CVE-2023-23916

**x86\_64**

mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166

mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35

mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46

mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09

mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685

mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2023:2041: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function.

**Crash Inputs**

Here is the crash file that trigger the error

cmix\_asan\_crash\_mem\_overlap.zip

**Bug Description:**

When executing cmix (new release version) with the file inputs and parameter "-n", the ASan (Memory Sanitizer ) instrumented program terminates with Nonfatal Error shown below.

    ==102390==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x619000041c63,0x619000041c67) and [0x619000041c64, 0x619000041c68) overlap
        #0 0x4ca038 in __asan_memcpy (/cmix/cmix_asan+0x4ca038)
        #1 0x656a09 in paq8::FrenchStemmer::ConvertUTF8(paq8::Word*) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:2502:11
        #2 0x65569b in paq8::FrenchStemmer::Stem(paq8::Word*) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:2782:5
        #3 0x558c65 in paq8::TextModel::Update(paq8::Buf&, paq8::ModelStats*) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:3258:28
        #4 0x63978b in paq8::TextModel::Predict(paq8::Mixer&, paq8::Buf&, paq8::ModelStats*) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:3160:7
        #5 0x615679 in paq8::contextModel2(paq8::ModelStats*) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:8183:13
        #6 0x61867b in paq8::Predictor::update() /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:8277:11
        #7 0x6c0d24 in Predictor::Perceive(int) /data/Deter-Study/temp/benchmark/crash/cmix/src/predictor.cpp:394:12
        #8 0x4fed5c in Encoder::Encode(int) /data/Deter-Study/temp/benchmark/crash/cmix/src/coder/encoder.cpp:23:7
        #9 0x6ef0d0 in Compress(unsigned long long, std::basic_ifstream<char, std::char_traits<char> >*, std::basic_ofstream<char, std::char_traits<char> >*, unsigned long long*, Predictor*) /data/Deter-Study/temp/benchmark/crash/cmix/src/runner.cpp:106:9
        #10 0x6f06d3 in RunCompression(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, _IO_FILE*, unsigned long long*, unsigned long long*) /data/Deter-Study/temp/benchmark/crash/cmix/src/runner.cpp:203:3
        #11 0x6f3b13 in main /data/Deter-Study/temp/benchmark/crash/cmix/src/runner.cpp:298:10
        #12 0x7f0cc1be9c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
        #13 0x41f819 in _start (/cmix/cmix_asan+0x41f819)
    
    0x619000041c63 is located 483 bytes inside of 960-byte region [0x619000041a80,0x619000041e40)
    allocated by thread T0 here:
        #0 0x4cb3ba in calloc (/cmix/cmix_asan+0x4cb3ba)
        #1 0x654691 in paq8::Array<paq8::Word, 0>::create(unsigned int) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:118:16
        #2 0x654691 in paq8::Array<paq8::Word, 0>::Array(unsigned int) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:76
        #3 0x654691 in paq8::Cache<paq8::Word, 8u>::Cache() /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:3013
    
    0x619000041c64 is located 484 bytes inside of 960-byte region [0x619000041a80,0x619000041e40)
    allocated by thread T0 here:
        #0 0x4cb3ba in calloc (/cmix/cmix_asan+0x4cb3ba)
        #1 0x654691 in paq8::Array<paq8::Word, 0>::create(unsigned int) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:118:16
        #2 0x654691 in paq8::Array<paq8::Word, 0>::Array(unsigned int) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:76
        #3 0x654691 in paq8::Cache<paq8::Word, 8u>::Cache() /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:3013
    
    SUMMARY: AddressSanitizer: memcpy-param-overlap (/cmix/cmix_asan+0x4ca038) in __asan_memcpy
    

**Step to reproduce**

*   download the cmix from github and build it with ASAN
*   Execute cmix with provide files and given parameters "-n".

CVE-2023-29596: [BUG]: ERROR memcpy-param-overlap · Issue #54 · byronknoll/cmix

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery.  IBM X-Force ID:  249196.

CVE-2023-27559

Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161.

CVE-2022-45456

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2023-26930: GitHub - huanglei3/xpdf_aborted

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock at /xpdf/Stream.cc.

XPDF v4.04

pdftotext poc

Syntax Warning: PDF file is damaged - attempting to reconstruct xref table... Syntax Error (2711): Dictionary key must be a name object Syntax Error (2715): Dictionary key must be a name object Syntax Error (2720): Dictionary key must be a name object Syntax Error: Dictionary key must be a name object Syntax Error: End of file inside dictionary Syntax Error (393): Illegal character <3d> in hex string Syntax Error (398): Illegal character <80> in hex string Syntax Error (399): Illegal character <67> in hex string Syntax Error (400): Illegal character <74> in hex string Syntax Error (401): Illegal character <68> in hex string Syntax Error (409): Illegal character '>' Syntax Error (172): Dictionary key must be a name object Syntax Error (393): Illegal character <3d> in hex string Syntax Error (398): Illegal character <80> in hex string Syntax Error (399): Illegal character <67> in hex string Syntax Error (400): Illegal character <74> in hex string Syntax Error (401): Illegal character <68> in hex string Syntax Error (409): Illegal character '>' Syntax Error (887): Illegal character ')' Syntax Error (1296): Illegal character ')' Syntax Error (1781): Illegal character ')' Syntax Error (2386): Dictionary key must be a name object Syntax Error (2390): Dictionary key must be a name object Syntax Error: Unterminated string Syntax Error: End of file inside dictionary Syntax Error: End of file inside array Syntax Error: End of file inside dictionary

Program received signal SIGSEGV, Segmentation fault.

(gdb) bt

#0 0x00007ffff7a989df in \_IO\_new\_file\_seekoff (fp=0x555555b81c30, offset=1446, dir=0, mode=) at fileops.c:976 #1 0x00007ffff7a967cd in \_\_fseeko (fp=0x555555b81c30, offset=offset@entry=1446, whence=whence@entry=0) at fseeko.c:40 #2 0x0000555555848c19 in gfseek (f=, offset=offset@entry=1446, whence=whence@entry=0) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/goo/gfile.cc:733 #3 0x00005555557ec8c1 in SharedFile::readBlock (this=0x555555b81fd0, buf=buf@entry=0x555555b832b8 "6 0 objnt 3 0 R\\r\\n/Resources <<\\r\\n/Font <<\\r\\n/F1 9 0 R \\r\\n>>\\r\\n/ProcSet 8 0 R\\r\\n>>\\r\\n/MediaBo\\202 \[0 0 612.0000 792.0000\]\\r\\n\\r\\n7 0 obj\\r\\n<< /Length 676 >> 00000 Name /ream\\r\\n2 J\\r\\nBT\\r\\n0\\r\\n57.3750 722.2800 Td\\r\\n( Simpl"..., pos=1446, size=256) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Stream.cc:739 #4 0x00005555557ecfe8 in FileStream::fillBuf (this=this@entry=0x555555b83280) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Stream.cc:842 #5 0x0000555555813d23 in FileStream::getChar (this=0x555555b83280) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Stream.h:324 #6 0x00005555557b1153 in Object::streamGetChar (this=0x555555b833f0) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Object.h:300 #7 Lexer::getChar (this=this@entry=0x555555b833e0) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Lexer.cc:93 #8 0x00005555557b13fa in Lexer::getObj (this=0x555555b833e0, obj=obj@entry=0x555555b838e8) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Lexer.cc:125 #9 0x00005555557d078d in Parser::Parser (this=0x555555b838d0, xrefA=, lexerA=, allowStreamsA=) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Parser.cc:35 #10 0x000055555582c0e2 in XRef::fetch (this=0x555555b83990, num=6, gen=0, obj=0x7fffff7ff330, recursion=) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/XRef.cc:1231 #11 0x00005555556754a0 in Object::arrayGet (this=0x7fffff7ff320, recursion=0, obj=0x7fffff7ff330, i=1) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Object.h:243 #12 Catalog::countPageTree (this=0x555555b5d4a0, pagesObj=) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:566

CVE-2023-26935: GitHub - huanglei3/xpdf_heapoverflow

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the TextOutputDev.cc function.

CVE-2023-26931

libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427.

CVE-2022-44232: GitHub - huanglei3/libming_crashes

An issue found in XPDF v.4.04 allows an attacker to cause a denial of service via a crafted pdf file in the object.cc parameter.

poc:copy30 or copy31 ;link: https://github.com/huanglei3/xpdf\_Stack-backtracking/blob/main/copy30 $ gdb --args pdftotext copy30 pwndbg> r Syntax Error: Couldn't read xref table Syntax Warning: PDF file is damaged - attempting to reconstruct xref table... Syntax Error (2667): Dictionary key must be a name object Syntax Error (2671): Dictionary key must be a name object Syntax Error (2676): Dictionary key must be a name object Syntax Error: Dictionary key must be a name object Syntax Error: End of file inside dictionary Syntax Error (203): Illegal character <2f> in hex string Syntax Error (204): Illegal character <54> in hex string Syntax Error (205): Illegal character <79> in hex string Syntax Error (206): Illegal character <70> in hex string Syntax Error (209): Illegal character <52> in hex string Syntax Error (211): Illegal character <5d> in hex string Syntax Error (216): Illegal character '>' Syntax Error (268): Dictionary key must be a name object Syntax Error (273): Dictionary key must be a name object Syntax Error (396): Dictionary key must be a name object Syntax Error (399): Dictionary key must be a name object Syntax Error: Unterminated string Syntax Error: End of file inside dictionary Syntax Error: End of file inside array Syntax Error: End of file inside dictionary Syntax Error (268): Dictionary key must be a name object Syntax Error (273): Dictionary key must be a name object Program received signal SIGSEGV, Segmentation fault. 0x00005555557c014b in Object::copy (this=this@entry=0x555555b84078, obj=obj@entry=0x7fffff7ff130) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Object.cc:99 99 obj->cmd = copyString(cmd); LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA ► 99 obj->cmd = copyString(cmd); pwndbg> bt #0 0x00005555557c014b in Object::copy (this=this@entry=0x555555b84078, obj=obj@entry=0x7fffff7ff130) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Object.cc:99 #1 0x000055555582cbd8 in XRef::fetch (this=0x555555b83990, num=<optimized out>, gen=<optimized out>, obj=0x7fffff7ff130, recursion=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/XRef.cc:1212 #2 0x00005555556754a0 in Object::arrayGet (this=0x7fffff7ff120, recursion=0, obj=0x7fffff7ff130, i=17) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Object.h:243 #3 Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:566 #4 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #5 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #6 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #7 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #8 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #9 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #10 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #11 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #12 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #13 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #14 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #15 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #16 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #17 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #18 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #19 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #20 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #21 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #22 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #23 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #24 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b852e0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567

Tag

#dos