[ https://issues.apache.org/jira/browse/PDFBOX-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Huang Wenjie updated PDFBOX-5339:
---------------------------------
    Description: 
Recently we (Zhang Cen and Huang Wenjie) found and submitted several bugs in the 
latest pdfbox (3.0.0-alpha2).
For your convenience, here is the bug summary for all reported bugs (we will 
keep it updated).
Note that each issue is a unique bug (we sorted and refined them from thousands 
of crashes).
Any discussion about the bugs is welcome.

1. Unique Bugs Found
Recently we ([Zhang Cen](https://github.com/occia) and 
[Huang Wenjie](https://github.com/ZanderHuang)) discovered a series of bugs in 
the latest pdfbox (3.0.0-alpha2).
Every bug we report in the following is unique and reproducible. Furthermore, 
they have been manually analyzed and triaged to remove the duplicates.
Due to our lack of contextual knowledge of the pdfbox library, we cannot 
thoroughly fix some bugs, hence we look forward to any plan proposed by the 
developers for fixing these bugs.

2. Bug Report and Crash Seeds
The bug report folder can be downloaded from 
[https://drive.google.com/drive/folders/1TMOzudQOVXPKdZ1--NyusyV7kHRA2MSE?usp=sharing]
It contains both reports and crash seeds.

3. Test Program to Reproduce Crashes
The test program can be downloaded from 
[https://drive.google.com/file/d/1r0OsDC0vg8Qc-XtGg0XDKbxubaPozcBj/view?usp=sharing]

A total of 70 bugs are reported in this pull request.
A full list is provided below.

4. Folder structure
 - Level 1 (folder): exception type
 - Level 2 (folder): error location
 - Level 3 (files): POC file and *report.txt* including reproducing steps

5. report.txt content:
      1. Exception type
      2. Error location
      3. Bug cause and impact
      4. Crash thread's stacks
      5. Steps to reproduce

 

6. Bug full list
pdfbox_reported_crashes_latest
├── java.lang.ArrayIndexOutOfBoundsException
│   ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-781
│   ├── org.apache.fontbox.cff.Type1CharString.seac--Type1CharString.java-484
│   ├── org.apache.fontbox.ttf.HorizontalMetricsTable.getAdvanceWidth--HorizontalMetricsTable.java-113
│   ├── org.apache.pdfbox.filter.CCITTFaxDecoderStream.decode2D--CCITTFaxDecoderStream.java-218
│   └── org.apache.pdfbox.pdfparser.PDFXrefStreamParser=ObjectNumbers.<init>--PDFXrefStreamParser.java-202
├── java.lang.ClassCastException
│   ├── org.apache.fontbox.cff.CFFParser.parseType1Dicts--CFFParser.java-765
│   ├── org.apache.fontbox.cmap.CMapParser.parseBeginbfrange--CMapParser.java-377
│   ├── org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
│   ├── org.apache.pdfbox.pdmodel.font.PDFont.getAverageFontWidth--PDFont.java-402
│   ├── org.apache.pdfbox.pdmodel.font.PDType1CFont.<init>--PDType1CFont.java-101
│   └── org.apache.pdfbox.util.Matrix.<init>--Matrix.java-70
├── java.lang.IllegalArgumentException
│   ├── org.apache.fontbox.cff.CFFParser=DictData=Entry.getBoolean--CFFParser.java-1247
│   ├── org.apache.fontbox.cff.CFFParser.readCharset--CFFParser.java-1042
│   ├── org.apache.fontbox.cff.CFFParser.readEncoding--CFFParser.java-808
│   ├── org.apache.fontbox.cff.Type1CharString.callothersubr--Type1CharString.java-383
│   ├── org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-319
│   ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-54
│   ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-58
│   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createDescendantFont--PDFontFactory.java-128
│   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-100
│   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-104
│   ├── org.apache.pdfbox.pdmodel.font.PDType1Font.<init>--PDType1Font.java-202
│   └── org.apache.pdfbox.util.Matrix.checkFloatValues--Matrix.java-300
├── java.lang.IllegalStateException
│   ├── org.apache.fontbox.cff.CFFCharsetCID.getSIDForGID--CFFCharsetCID.java-59
│   └── org.apache.pdfbox.pdmodel.PDPageTree.sanitizeType--PDPageTree.java-261
├── java.lang.IndexOutOfBoundsException
│   ├── org.apache.fontbox.cff.CFFParser=DictData=Entry.getNumber--CFFParser.java-1229
│   ├── org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-292
│   ├── org.apache.fontbox.cff.Type2CharString.handleType2Command--Type2CharString.java-146
│   ├── org.apache.fontbox.util.BoundingBox.<init>--BoundingBox.java-65
│   ├── org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
│   └── org.apache.pdfbox.cos.COSArray.getObject--COSArray.java-205
├── java.lang.NegativeArraySizeException
│   └── org.apache.pdfbox.pdfparser.PDFXrefStreamParser.parse--PDFXrefStreamParser.java-123
├── java.lang.NullPointerException
│   ├── org.apache.fontbox.cff.CFFParser.parseFont--CFFParser.java-486
│   ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-779
│   ├── org.apache.fontbox.cmap.CMap.toInt--CMap.java-207
│   ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
│   ├── org.apache.fontbox.type1.Type1Parser.parseASCII--Type1Parser.java-125
│   ├── org.apache.fontbox.type1.Type1Parser.parseBinary--Type1Parser.java-530
│   ├── org.apache.fontbox.type1.Type1Parser.readEncoding--Type1Parser.java-210
│   ├── org.apache.fontbox.type1.Type1Parser.readOtherSubrs--Type1Parser.java-714
│   ├── org.apache.fontbox.type1.Type1Parser.readPostScriptWrapper--Type1Parser.java-423
│   ├── org.apache.fontbox.type1.Type1Parser.readProc--Type1Parser.java-458
│   ├── org.apache.fontbox.type1.Type1Parser.readProcVoid--Type1Parser.java-492
│   ├── org.apache.fontbox.type1.Type1Parser.read--Type1Parser.java-852
│   ├── org.apache.pdfbox.pdmodel.encryption.PDEncryption.getFilter--PDEncryption.java-159
│   ├── org.apache.pdfbox.pdmodel.font.PDSimpleFont.getStandard14Width--PDSimpleFont.java-327
│   ├── org.apache.pdfbox.pdmodel.font.PDTrueTypeFont.codeToGID--PDTrueTypeFont.java-549
│   ├── org.apache.pdfbox.pdmodel.font.PDType1CFont.codeToName--PDType1CFont.java-270
│   ├── org.apache.pdfbox.pdmodel.font.PDType1Font.codeToName--PDType1Font.java-552
│   ├── org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-321
│   ├── org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-334
│   └── org.apache.pdfbox.pdmodel.font.PDType3Font.getCharProc--PDType3Font.java-373
├── java.lang.NumberFormatException
│   ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-657
│   ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-661
│   ├── org.apache.fontbox.type1.Token.floatValue--Token.java-112
│   ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
│   └── org.apache.fontbox.type1.Type1Lexer.tryReadNumber--Type1Lexer.java-337
├── java.lang.StackOverflowError
│   ├── org.apache.pdfbox.cos.COSDictionary.getCOSArray--COSDictionary.java-593
│   ├── org.apache.pdfbox.cos.COSDictionary.getDictionaryObject--COSDictionary.java-178
│   ├── org.apache.pdfbox.cos.COSName.equals--COSName.java-738
│   ├── org.apache.pdfbox.io.RandomAccessReadBuffer.read--RandomAccessReadBuffer.java-217
│   ├── org.apache.pdfbox.pdfparser.BaseParser.isValidUTF8--BaseParser.java-788
│   ├── org.apache.pdfbox.pdmodel.PDPageTree.getKids--PDPageTree.java-156
│   ├── org.apache.pdfbox.util.SmallMap.findKey--SmallMap.java-67
│   └── org.apache.pdfbox.util.SmallMap.get--SmallMap.java-126
└── java.nio.BufferUnderflowException
    ├── org.apache.fontbox.type1.Type1Lexer.getChar--Type1Lexer.java-93
    └── org.apache.fontbox.type1.Type1Lexer.readCharString--Type1Lexer.java-472
    
    
Any further discussion of these vulnerabilities, including fixes, is welcome, 
and we look forward to hearing from you.

  was:
Recently we (Zhang Cen and Huang Wenjie) found and submitted several bugs in the 
latest pdfbox (3.0.0-alpha2).
For your convenience, here is the bug summary for all reported bugs (we will 
keep it updated).
Note that each issue is a unique bug (we sorted and refined them from thousands 
of crashes).
Any discussion about the bugs is welcome.

## Unique Bugs Found
Recently we ([Zhang Cen](https://github.com/occia) and 
[Huang Wenjie](https://github.com/ZanderHuang)) discovered a series of bugs in 
the latest pdfbox (3.0.0-alpha2).
Every bug we report in the following is unique and reproducible. Furthermore, 
they have been manually analyzed and triaged to remove the duplicates.
Due to our lack of contextual knowledge of the pdfbox library, we cannot 
thoroughly fix some bugs, hence we look forward to any plan proposed by the 
developers for fixing these bugs.

## Bug Report and Crash Seeds
The bug report folder can be downloaded from 
https://drive.google.com/drive/folders/1TMOzudQOVXPKdZ1--NyusyV7kHRA2MSE?usp=sharing
It contains both reports and crash seeds.

## Test Program to Reproduce Crashes
The test program can be downloaded from 
https://drive.google.com/file/d/1r0OsDC0vg8Qc-XtGg0XDKbxubaPozcBj/view?usp=sharing

A total of 70 bugs are reported in this pull request.
A full list is provided below.

### Folder structure
- Level 1 (folder): exception type
- Level 2 (folder): error location
- Level 3 (files): POC file and **report.txt** including reproducing steps

### report.txt content:
1. Exception type
2. Error location
3. Bug cause and impact
4. Crash thread's stacks
5. Steps to reproduce

### Bug full list
pdfbox_reported_crashes_latest
├── java.lang.ArrayIndexOutOfBoundsException
│   ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-781
│   ├── org.apache.fontbox.cff.Type1CharString.seac--Type1CharString.java-484
│   ├── org.apache.fontbox.ttf.HorizontalMetricsTable.getAdvanceWidth--HorizontalMetricsTable.java-113
│   ├── org.apache.pdfbox.filter.CCITTFaxDecoderStream.decode2D--CCITTFaxDecoderStream.java-218
│   └── org.apache.pdfbox.pdfparser.PDFXrefStreamParser=ObjectNumbers.<init>--PDFXrefStreamParser.java-202
├── java.lang.ClassCastException
│   ├── org.apache.fontbox.cff.CFFParser.parseType1Dicts--CFFParser.java-765
│   ├── org.apache.fontbox.cmap.CMapParser.parseBeginbfrange--CMapParser.java-377
│   ├── org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
│   ├── org.apache.pdfbox.pdmodel.font.PDFont.getAverageFontWidth--PDFont.java-402
│   ├── org.apache.pdfbox.pdmodel.font.PDType1CFont.<init>--PDType1CFont.java-101
│   └── org.apache.pdfbox.util.Matrix.<init>--Matrix.java-70
├── java.lang.IllegalArgumentException
│   ├── org.apache.fontbox.cff.CFFParser=DictData=Entry.getBoolean--CFFParser.java-1247
│   ├── org.apache.fontbox.cff.CFFParser.readCharset--CFFParser.java-1042
│   ├── org.apache.fontbox.cff.CFFParser.readEncoding--CFFParser.java-808
│   ├── org.apache.fontbox.cff.Type1CharString.callothersubr--Type1CharString.java-383
│   ├── org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-319
│   ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-54
│   ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-58
│   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createDescendantFont--PDFontFactory.java-128
│   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-100
│   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-104
│   ├── org.apache.pdfbox.pdmodel.font.PDType1Font.<init>--PDType1Font.java-202
│   └── org.apache.pdfbox.util.Matrix.checkFloatValues--Matrix.java-300
├── java.lang.IllegalStateException
│   ├── org.apache.fontbox.cff.CFFCharsetCID.getSIDForGID--CFFCharsetCID.java-59
│   └── org.apache.pdfbox.pdmodel.PDPageTree.sanitizeType--PDPageTree.java-261
├── java.lang.IndexOutOfBoundsException
│   ├── org.apache.fontbox.cff.CFFParser=DictData=Entry.getNumber--CFFParser.java-1229
│   ├── org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-292
│   ├── org.apache.fontbox.cff.Type2CharString.handleType2Command--Type2CharString.java-146
│   ├── org.apache.fontbox.util.BoundingBox.<init>--BoundingBox.java-65
│   ├── org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
│   └── org.apache.pdfbox.cos.COSArray.getObject--COSArray.java-205
├── java.lang.NegativeArraySizeException
│   └── org.apache.pdfbox.pdfparser.PDFXrefStreamParser.parse--PDFXrefStreamParser.java-123
├── java.lang.NullPointerException
│   ├── org.apache.fontbox.cff.CFFParser.parseFont--CFFParser.java-486
│   ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-779
│   ├── org.apache.fontbox.cmap.CMap.toInt--CMap.java-207
│   ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
│   ├── org.apache.fontbox.type1.Type1Parser.parseASCII--Type1Parser.java-125
│   ├── org.apache.fontbox.type1.Type1Parser.parseBinary--Type1Parser.java-530
│   ├── org.apache.fontbox.type1.Type1Parser.readEncoding--Type1Parser.java-210
│   ├── org.apache.fontbox.type1.Type1Parser.readOtherSubrs--Type1Parser.java-714
│   ├── org.apache.fontbox.type1.Type1Parser.readPostScriptWrapper--Type1Parser.java-423
│   ├── org.apache.fontbox.type1.Type1Parser.readProc--Type1Parser.java-458
│   ├── org.apache.fontbox.type1.Type1Parser.readProcVoid--Type1Parser.java-492
│   ├── org.apache.fontbox.type1.Type1Parser.read--Type1Parser.java-852
│   ├── org.apache.pdfbox.pdmodel.encryption.PDEncryption.getFilter--PDEncryption.java-159
│   ├── org.apache.pdfbox.pdmodel.font.PDSimpleFont.getStandard14Width--PDSimpleFont.java-327
│   ├── org.apache.pdfbox.pdmodel.font.PDTrueTypeFont.codeToGID--PDTrueTypeFont.java-549
│   ├── org.apache.pdfbox.pdmodel.font.PDType1CFont.codeToName--PDType1CFont.java-270
│   ├── org.apache.pdfbox.pdmodel.font.PDType1Font.codeToName--PDType1Font.java-552
│   ├── org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-321
│   ├── org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-334
│   └── org.apache.pdfbox.pdmodel.font.PDType3Font.getCharProc--PDType3Font.java-373
├── java.lang.NumberFormatException
│   ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-657
│   ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-661
│   ├── org.apache.fontbox.type1.Token.floatValue--Token.java-112
│   ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
│   └── org.apache.fontbox.type1.Type1Lexer.tryReadNumber--Type1Lexer.java-337
├── java.lang.StackOverflowError
│   ├── org.apache.pdfbox.cos.COSDictionary.getCOSArray--COSDictionary.java-593
│   ├── org.apache.pdfbox.cos.COSDictionary.getDictionaryObject--COSDictionary.java-178
│   ├── org.apache.pdfbox.cos.COSName.equals--COSName.java-738
│   ├── org.apache.pdfbox.io.RandomAccessReadBuffer.read--RandomAccessReadBuffer.java-217
│   ├── org.apache.pdfbox.pdfparser.BaseParser.isValidUTF8--BaseParser.java-788
│   ├── org.apache.pdfbox.pdmodel.PDPageTree.getKids--PDPageTree.java-156
│   ├── org.apache.pdfbox.util.SmallMap.findKey--SmallMap.java-67
│   └── org.apache.pdfbox.util.SmallMap.get--SmallMap.java-126
└── java.nio.BufferUnderflowException
    ├── org.apache.fontbox.type1.Type1Lexer.getChar--Type1Lexer.java-93
    └── org.apache.fontbox.type1.Type1Lexer.readCharString--Type1Lexer.java-472
    
    
Any further discussion of these vulnerabilities, including fixes, is welcome, 
and we look forward to hearing from you.


> A list of bugs found (70 bugs in total)
> ---------------------------------------
>
>                 Key: PDFBOX-5339
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-5339
>             Project: PDFBox
>          Issue Type: Bug
>    Affects Versions: 3.0.0 JBIG2
>            Reporter: Huang Wenjie
>            Priority: Major
>
> Recently we (Zhang Cen and Huang Wenjie) found and submitted several bugs in 
> the latest pdfbox (3.0.0-alpha2).
> For your convenience, here is the bug summary for all reported bugs (we will 
> keep it updated).
> Note that each issue is a unique bug (we sorted and refined them from 
> thousands of crashes).
> Any discussion about the bugs is welcome.
> 1. Unique Bugs Found
> Recently we ([Zhang Cen](https://github.com/occia) and 
> [Huang Wenjie](https://github.com/ZanderHuang)) discovered a series of bugs in 
> the latest pdfbox (3.0.0-alpha2).
> Every bug we report in the following is unique and reproducible. 
> Furthermore, they have been manually analyzed and triaged to remove the 
> duplicates.
> Due to our lack of contextual knowledge of the pdfbox library, we 
> cannot thoroughly fix some bugs, hence we look forward to any plan proposed 
> by the developers for fixing these bugs.
> 2. Bug Report and Crash Seeds
> The bug report folder can be downloaded from 
> [https://drive.google.com/drive/folders/1TMOzudQOVXPKdZ1--NyusyV7kHRA2MSE?usp=sharing]
> It contains both reports and crash seeds.
> 3. Test Program to Reproduce Crashes
> The test program can be downloaded from 
> [https://drive.google.com/file/d/1r0OsDC0vg8Qc-XtGg0XDKbxubaPozcBj/view?usp=sharing]
> A total of 70 bugs are reported in this pull request.
> A full list is provided below.
> 4. Folder structure
>  - Level 1 (folder): exception type
>  - Level 2 (folder): error location
>  - Level 3 (files): POC file and *report.txt* including reproducing steps
> 5. report.txt content:
>       1. Exception type
>       2. Error location
>       3. Bug cause and impact
>       4. Crash thread's stacks
>       5. Steps to reproduce
>  
> 6. Bug full list
> pdfbox_reported_crashes_latest
> ├── java.lang.ArrayIndexOutOfBoundsException
> │   ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-781
> │   ├── org.apache.fontbox.cff.Type1CharString.seac--Type1CharString.java-484
> │   ├── org.apache.fontbox.ttf.HorizontalMetricsTable.getAdvanceWidth--HorizontalMetricsTable.java-113
> │   ├── org.apache.pdfbox.filter.CCITTFaxDecoderStream.decode2D--CCITTFaxDecoderStream.java-218
> │   └── org.apache.pdfbox.pdfparser.PDFXrefStreamParser=ObjectNumbers.<init>--PDFXrefStreamParser.java-202
> ├── java.lang.ClassCastException
> │   ├── org.apache.fontbox.cff.CFFParser.parseType1Dicts--CFFParser.java-765
> │   ├── org.apache.fontbox.cmap.CMapParser.parseBeginbfrange--CMapParser.java-377
> │   ├── org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
> │   ├── org.apache.pdfbox.pdmodel.font.PDFont.getAverageFontWidth--PDFont.java-402
> │   ├── org.apache.pdfbox.pdmodel.font.PDType1CFont.<init>--PDType1CFont.java-101
> │   └── org.apache.pdfbox.util.Matrix.<init>--Matrix.java-70
> ├── java.lang.IllegalArgumentException
> │   ├── org.apache.fontbox.cff.CFFParser=DictData=Entry.getBoolean--CFFParser.java-1247
> │   ├── org.apache.fontbox.cff.CFFParser.readCharset--CFFParser.java-1042
> │   ├── org.apache.fontbox.cff.CFFParser.readEncoding--CFFParser.java-808
> │   ├── org.apache.fontbox.cff.Type1CharString.callothersubr--Type1CharString.java-383
> │   ├── org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-319
> │   ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-54
> │   ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-58
> │   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createDescendantFont--PDFontFactory.java-128
> │   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-100
> │   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-104
> │   ├── org.apache.pdfbox.pdmodel.font.PDType1Font.<init>--PDType1Font.java-202
> │   └── org.apache.pdfbox.util.Matrix.checkFloatValues--Matrix.java-300
> ├── java.lang.IllegalStateException
> │   ├── org.apache.fontbox.cff.CFFCharsetCID.getSIDForGID--CFFCharsetCID.java-59
> │   └── org.apache.pdfbox.pdmodel.PDPageTree.sanitizeType--PDPageTree.java-261
> ├── java.lang.IndexOutOfBoundsException
> │   ├── org.apache.fontbox.cff.CFFParser=DictData=Entry.getNumber--CFFParser.java-1229
> │   ├── org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-292
> │   ├── org.apache.fontbox.cff.Type2CharString.handleType2Command--Type2CharString.java-146
> │   ├── org.apache.fontbox.util.BoundingBox.<init>--BoundingBox.java-65
> │   ├── org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
> │   └── org.apache.pdfbox.cos.COSArray.getObject--COSArray.java-205
> ├── java.lang.NegativeArraySizeException
> │   └── org.apache.pdfbox.pdfparser.PDFXrefStreamParser.parse--PDFXrefStreamParser.java-123
> ├── java.lang.NullPointerException
> │   ├── org.apache.fontbox.cff.CFFParser.parseFont--CFFParser.java-486
> │   ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-779
> │   ├── org.apache.fontbox.cmap.CMap.toInt--CMap.java-207
> │   ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
> │   ├── org.apache.fontbox.type1.Type1Parser.parseASCII--Type1Parser.java-125
> │   ├── org.apache.fontbox.type1.Type1Parser.parseBinary--Type1Parser.java-530
> │   ├── org.apache.fontbox.type1.Type1Parser.readEncoding--Type1Parser.java-210
> │   ├── org.apache.fontbox.type1.Type1Parser.readOtherSubrs--Type1Parser.java-714
> │   ├── org.apache.fontbox.type1.Type1Parser.readPostScriptWrapper--Type1Parser.java-423
> │   ├── org.apache.fontbox.type1.Type1Parser.readProc--Type1Parser.java-458
> │   ├── org.apache.fontbox.type1.Type1Parser.readProcVoid--Type1Parser.java-492
> │   ├── org.apache.fontbox.type1.Type1Parser.read--Type1Parser.java-852
> │   ├── org.apache.pdfbox.pdmodel.encryption.PDEncryption.getFilter--PDEncryption.java-159
> │   ├── org.apache.pdfbox.pdmodel.font.PDSimpleFont.getStandard14Width--PDSimpleFont.java-327
> │   ├── org.apache.pdfbox.pdmodel.font.PDTrueTypeFont.codeToGID--PDTrueTypeFont.java-549
> │   ├── org.apache.pdfbox.pdmodel.font.PDType1CFont.codeToName--PDType1CFont.java-270
> │   ├── org.apache.pdfbox.pdmodel.font.PDType1Font.codeToName--PDType1Font.java-552
> │   ├── org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-321
> │   ├── org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-334
> │   └── org.apache.pdfbox.pdmodel.font.PDType3Font.getCharProc--PDType3Font.java-373
> ├── java.lang.NumberFormatException
> │   ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-657
> │   ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-661
> │   ├── org.apache.fontbox.type1.Token.floatValue--Token.java-112
> │   ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
> │   └── org.apache.fontbox.type1.Type1Lexer.tryReadNumber--Type1Lexer.java-337
> ├── java.lang.StackOverflowError
> │   ├── org.apache.pdfbox.cos.COSDictionary.getCOSArray--COSDictionary.java-593
> │   ├── org.apache.pdfbox.cos.COSDictionary.getDictionaryObject--COSDictionary.java-178
> │   ├── org.apache.pdfbox.cos.COSName.equals--COSName.java-738
> │   ├── org.apache.pdfbox.io.RandomAccessReadBuffer.read--RandomAccessReadBuffer.java-217
> │   ├── org.apache.pdfbox.pdfparser.BaseParser.isValidUTF8--BaseParser.java-788
> │   ├── org.apache.pdfbox.pdmodel.PDPageTree.getKids--PDPageTree.java-156
> │   ├── org.apache.pdfbox.util.SmallMap.findKey--SmallMap.java-67
> │   └── org.apache.pdfbox.util.SmallMap.get--SmallMap.java-126
> └── java.nio.BufferUnderflowException
>     ├── org.apache.fontbox.type1.Type1Lexer.getChar--Type1Lexer.java-93
>     └── org.apache.fontbox.type1.Type1Lexer.readCharString--Type1Lexer.java-472
>     
>     
> Any further discussion of these vulnerabilities, including fixes, is welcome, 
> and we look forward to hearing from you.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
