Hi Simon,
On 18.05.21 at 14:47, Simon Steiner wrote:
Hi,
Do you have the PDFs for these so I can verify they are fixed:
Yes, the files don't contain any critical data as they were created by some
fuzzy logic. They are more or less garbage.
PDFBOX-4071: skip duplicates - CVE-2018-11797
PDFBOX-5112, CVE-2021-27906: added another check for the W and the Index
array, reduce memory footprint
I've attached the pdf, it doesn't have much in common with a real pdf.
PDFBOX-4892, CVE-2021-27807: sync read/readFully code to get the same
behaviour for all classes implementing the same interface
I've attached a piece of code containing the pdf encoded as base64 stream.
Andreas
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
import org.apache.pdfbox.io.MemoryUsageSetting;
import org.apache.pdfbox.pdmodel.PDDocument;

import java.io.IOException;
import java.util.Base64;

// Reproducer attached to the message: the PDF input is embedded as a base64 string.
public class PdfBoxReproducer_0913d34f973cb618fe9c72d1b975f38d3a17c1d3 {
    static final String base64Input = "ef//RET/KS8AYgAAtDd0cmFpbGVyPDxmJSkvAGIAALQ3dHJhkWlsZUlyPDxmJVBERi0vIPb2APYlUERGLS8g9vYA9i9UaGlhbW5uO0+tjY2NcmVuZG9vO0RGN0RhWQAAAAAAAAB0YQ==";

    public static void main(String[] args) throws IOException {
        // Decode the embedded bytes and load them as a PDF, buffering in main memory only.
        PDDocument.load(Base64.getDecoder().decode(base64Input),
                null, // password
                null, // keyStore
                null, // alias
                MemoryUsageSetting.setupMainMemoryOnly(1_000));
    }
}