[
https://issues.apache.org/jira/browse/PDFBOX-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Huang Wenjie updated PDFBOX-5339:
---------------------------------
Description:
1. Unqiue Bugs Found
Recently we (Zhang Cen, [https://github.com/occia] and Huang Wenjie
[https://github.com/ZanderHuang]) discovered a series of bugs in latest pdfbox
(3.0.0-alpha2).
Every bug we reported in the following is unique and reproducable. Furthermore,
they have been manually analyzed and triaged in removing the duplicates.
Due to the lack of contextual knowledge in the pdfbox library, we cannot
thoroughly fix some bugs hence we look forward to any proposed plan from the
developers in fixing these bugs.
2. Bug Report and Crash Seeds
The bug report folder can be downloaded from
[https://drive.google.com/drive/folders/1TMOzudQOVXPKdZ1--NyusyV7kHRA2MSE?usp=sharing]
It contains both reports and crash seeds.
3. Test Program to Reproduce Crashes
The test program can be downloaded from
[https://drive.google.com/file/d/1r0OsDC0vg8Qc-XtGg0XDKbxubaPozcBj/view?usp=sharing]
Total 70 bugs are reported in this issue.
A full list is provided below.
4. Folder structure
- Level 1 (folder): exception type
- Level 2 (folder): error location
- Level 3 (files): POC file and {*}{{*}}report.txt{{*}}{*} including
reproducing steps
5. report.txt content:
1. Exception type
2. Error location
3. Bug cause and impact
4. Crash thread's stacks
5. Steps to reproduce
6. Bug full list (crashes under java.lang.IllegalArgumentException and
IllegalStateException should be wrapped instead of using the common exception
types)
pdfbox_reported_crashes_latest
├── java.lang.ArrayIndexOutOfBoundsException
│ ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-781
│ ├── org.apache.fontbox.cff.Type1CharString.seac--Type1CharString.java-484
│ ├──
org.apache.fontbox.ttf.HorizontalMetricsTable.getAdvanceWidth--HorizontalMetricsTable.java-113
│ ├──
org.apache.pdfbox.filter.CCITTFaxDecoderStream.decode2D--CCITTFaxDecoderStream.java-218
│ └──
org.apache.pdfbox.pdfparser.PDFXrefStreamParser=ObjectNumbers.<init>--PDFXrefStreamParser.java-202
├── java.lang.ClassCastException
│ ├── org.apache.fontbox.cff.CFFParser.parseType1Dicts--CFFParser.java-765
│ ├──
org.apache.fontbox.cmap.CMapParser.parseBeginbfrange--CMapParser.java-377
│ ├──
org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
│ ├──
org.apache.pdfbox.pdmodel.font.PDFont.getAverageFontWidth--PDFont.java-402
│ ├──
org.apache.pdfbox.pdmodel.font.PDType1CFont.<init>--PDType1CFont.java-101
│ └── org.apache.pdfbox.util.Matrix.<init>--Matrix.java-70
├── java.lang.IllegalArgumentException
│ ├──
org.apache.fontbox.cff.CFFParser=DictData=Entry.getBoolean--CFFParser.java-1247
│ ├── org.apache.fontbox.cff.CFFParser.readCharset--CFFParser.java-1042
│ ├── org.apache.fontbox.cff.CFFParser.readEncoding--CFFParser.java-808
│ ├──
org.apache.fontbox.cff.Type1CharString.callothersubr--Type1CharString.java-383
│ ├──
org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-319
│ ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-54
│ ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-58
│ ├──
org.apache.pdfbox.pdmodel.font.PDFontFactory.createDescendantFont--PDFontFactory.java-128
│ ├──
org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-100
│ ├──
org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-104
│ ├── org.apache.pdfbox.pdmodel.font.PDType1Font.<init>--PDType1Font.java-202
│ └── org.apache.pdfbox.util.Matrix.checkFloatValues--Matrix.java-300
├── java.lang.IllegalStateException
│ ├── org.apache.fontbox.cff.CFFCharsetCID.getSIDForGID--CFFCharsetCID.java-59
│ └── org.apache.pdfbox.pdmodel.PDPageTree.sanitizeType--PDPageTree.java-261
├── java.lang.IndexOutOfBoundsException
│ ├──
org.apache.fontbox.cff.CFFParser=DictData=Entry.getNumber--CFFParser.java-1229
│ ├──
org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-292
│ ├──
org.apache.fontbox.cff.Type2CharString.handleType2Command--Type2CharString.java-146
│ ├── org.apache.fontbox.util.BoundingBox.<init>--BoundingBox.java-65
│ ├──
org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
│ └── org.apache.pdfbox.cos.COSArray.getObject--COSArray.java-205
├── java.lang.NegativeArraySizeException
│ └──
org.apache.pdfbox.pdfparser.PDFXrefStreamParser.parse--PDFXrefStreamParser.java-123
├── java.lang.NullPointerException
│ ├── org.apache.fontbox.cff.CFFParser.parseFont--CFFParser.java-486
│ ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-779
│ ├── org.apache.fontbox.cmap.CMap.toInt--CMap.java-207
│ ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
│ ├── org.apache.fontbox.type1.Type1Parser.parseASCII--Type1Parser.java-125
│ ├── org.apache.fontbox.type1.Type1Parser.parseBinary--Type1Parser.java-530
│ ├── org.apache.fontbox.type1.Type1Parser.readEncoding--Type1Parser.java-210
│ ├──
org.apache.fontbox.type1.Type1Parser.readOtherSubrs--Type1Parser.java-714
│ ├──
org.apache.fontbox.type1.Type1Parser.readPostScriptWrapper--Type1Parser.java-423
│ ├── org.apache.fontbox.type1.Type1Parser.readProc--Type1Parser.java-458
│ ├── org.apache.fontbox.type1.Type1Parser.readProcVoid--Type1Parser.java-492
│ ├── org.apache.fontbox.type1.Type1Parser.read--Type1Parser.java-852
│ ├──
org.apache.pdfbox.pdmodel.encryption.PDEncryption.getFilter--PDEncryption.java-159
│ ├──
org.apache.pdfbox.pdmodel.font.PDSimpleFont.getStandard14Width--PDSimpleFont.java-327
│ ├──
org.apache.pdfbox.pdmodel.font.PDTrueTypeFont.codeToGID--PDTrueTypeFont.java-549
│ ├──
org.apache.pdfbox.pdmodel.font.PDType1CFont.codeToName--PDType1CFont.java-270
│ ├──
org.apache.pdfbox.pdmodel.font.PDType1Font.codeToName--PDType1Font.java-552
│ ├──
org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-321
│ ├──
org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-334
│ └──
org.apache.pdfbox.pdmodel.font.PDType3Font.getCharProc--PDType3Font.java-373
├── java.lang.NumberFormatException
│ ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-657
│ ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-661
│ ├── org.apache.fontbox.type1.Token.floatValue--Token.java-112
│ ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
│ └── org.apache.fontbox.type1.Type1Lexer.tryReadNumber--Type1Lexer.java-337
├── java.lang.StackOverflowError
│ ├── org.apache.pdfbox.cos.COSDictionary.getCOSArray--COSDictionary.java-593
│ ├──
org.apache.pdfbox.cos.COSDictionary.getDictionaryObject--COSDictionary.java-178
│ ├── org.apache.pdfbox.cos.COSName.equals--COSName.java-738
│ ├──
org.apache.pdfbox.io.RandomAccessReadBuffer.read--RandomAccessReadBuffer.java-217
│ ├── org.apache.pdfbox.pdfparser.BaseParser.isValidUTF8--BaseParser.java-788
│ ├── org.apache.pdfbox.pdmodel.PDPageTree.getKids--PDPageTree.java-156
│ ├── org.apache.pdfbox.util.SmallMap.findKey--SmallMap.java-67
│ └── org.apache.pdfbox.util.SmallMap.get--SmallMap.java-126
└── java.nio.BufferUnderflowException
├── org.apache.fontbox.type1.Type1Lexer.getChar--Type1Lexer.java-93
└── org.apache.fontbox.type1.Type1Lexer.readCharString--Type1Lexer.java-472
Any further discussion for these vulnerabilities including fix is welcomed and
look forward to hearing from you.
was:
1. Unqiue Bugs Found
Recently we (Zhang Cen, [https://github.com/occia] and Huang Wenjie
[https://github.com/ZanderHuang]) discovered a series of bugs in latest pdfbox
(3.0.0-alpha2).
Every bug we reported in the following is unique and reproducable. Furthermore,
they have been manually analyzed and triaged in removing the duplicates.
Due to the lack of contextual knowledge in the pdfbox library, we cannot
thoroughly fix some bugs hence we look forward to any proposed plan from the
developers in fixing these bugs.
2. Bug Report and Crash Seeds
The bug report folder can be downloaded from
[https://drive.google.com/drive/folders/1TMOzudQOVXPKdZ1--NyusyV7kHRA2MSE?usp=sharing]
It contains both reports and crash seeds.
3. Test Program to Reproduce Crashes
The test program can be downloaded from
[https://drive.google.com/file/d/1r0OsDC0vg8Qc-XtGg0XDKbxubaPozcBj/view?usp=sharing]
Total 70 bugs are reported in this pull request.
A full list is provided below.
4. Folder structure
- Level 1 (folder): exception type
- Level 2 (folder): error location
- Level 3 (files): POC file and {*}{{*}}report.txt{{*}}{*} including
reproducing steps
5. report.txt content:
1. Exception type
2. Error location
3. Bug cause and impact
4. Crash thread's stacks
5. Steps to reproduce
6. Bug full list (crashes under java.lang.IllegalArgumentException and
IllegalStateException should be wrapped instead of using the common exception
types)
pdfbox_reported_crashes_latest
├── java.lang.ArrayIndexOutOfBoundsException
│ ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-781
│ ├── org.apache.fontbox.cff.Type1CharString.seac--Type1CharString.java-484
│ ├──
org.apache.fontbox.ttf.HorizontalMetricsTable.getAdvanceWidth--HorizontalMetricsTable.java-113
│ ├──
org.apache.pdfbox.filter.CCITTFaxDecoderStream.decode2D--CCITTFaxDecoderStream.java-218
│ └──
org.apache.pdfbox.pdfparser.PDFXrefStreamParser=ObjectNumbers.<init>--PDFXrefStreamParser.java-202
├── java.lang.ClassCastException
│ ├── org.apache.fontbox.cff.CFFParser.parseType1Dicts--CFFParser.java-765
│ ├──
org.apache.fontbox.cmap.CMapParser.parseBeginbfrange--CMapParser.java-377
│ ├──
org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
│ ├──
org.apache.pdfbox.pdmodel.font.PDFont.getAverageFontWidth--PDFont.java-402
│ ├──
org.apache.pdfbox.pdmodel.font.PDType1CFont.<init>--PDType1CFont.java-101
│ └── org.apache.pdfbox.util.Matrix.<init>--Matrix.java-70
├── java.lang.IllegalArgumentException
│ ├──
org.apache.fontbox.cff.CFFParser=DictData=Entry.getBoolean--CFFParser.java-1247
│ ├── org.apache.fontbox.cff.CFFParser.readCharset--CFFParser.java-1042
│ ├── org.apache.fontbox.cff.CFFParser.readEncoding--CFFParser.java-808
│ ├──
org.apache.fontbox.cff.Type1CharString.callothersubr--Type1CharString.java-383
│ ├──
org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-319
│ ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-54
│ ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-58
│ ├──
org.apache.pdfbox.pdmodel.font.PDFontFactory.createDescendantFont--PDFontFactory.java-128
│ ├──
org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-100
│ ├──
org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-104
│ ├── org.apache.pdfbox.pdmodel.font.PDType1Font.<init>--PDType1Font.java-202
│ └── org.apache.pdfbox.util.Matrix.checkFloatValues--Matrix.java-300
├── java.lang.IllegalStateException
│ ├── org.apache.fontbox.cff.CFFCharsetCID.getSIDForGID--CFFCharsetCID.java-59
│ └── org.apache.pdfbox.pdmodel.PDPageTree.sanitizeType--PDPageTree.java-261
├── java.lang.IndexOutOfBoundsException
│ ├──
org.apache.fontbox.cff.CFFParser=DictData=Entry.getNumber--CFFParser.java-1229
│ ├──
org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-292
│ ├──
org.apache.fontbox.cff.Type2CharString.handleType2Command--Type2CharString.java-146
│ ├── org.apache.fontbox.util.BoundingBox.<init>--BoundingBox.java-65
│ ├──
org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
│ └── org.apache.pdfbox.cos.COSArray.getObject--COSArray.java-205
├── java.lang.NegativeArraySizeException
│ └──
org.apache.pdfbox.pdfparser.PDFXrefStreamParser.parse--PDFXrefStreamParser.java-123
├── java.lang.NullPointerException
│ ├── org.apache.fontbox.cff.CFFParser.parseFont--CFFParser.java-486
│ ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-779
│ ├── org.apache.fontbox.cmap.CMap.toInt--CMap.java-207
│ ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
│ ├── org.apache.fontbox.type1.Type1Parser.parseASCII--Type1Parser.java-125
│ ├── org.apache.fontbox.type1.Type1Parser.parseBinary--Type1Parser.java-530
│ ├── org.apache.fontbox.type1.Type1Parser.readEncoding--Type1Parser.java-210
│ ├──
org.apache.fontbox.type1.Type1Parser.readOtherSubrs--Type1Parser.java-714
│ ├──
org.apache.fontbox.type1.Type1Parser.readPostScriptWrapper--Type1Parser.java-423
│ ├── org.apache.fontbox.type1.Type1Parser.readProc--Type1Parser.java-458
│ ├── org.apache.fontbox.type1.Type1Parser.readProcVoid--Type1Parser.java-492
│ ├── org.apache.fontbox.type1.Type1Parser.read--Type1Parser.java-852
│ ├──
org.apache.pdfbox.pdmodel.encryption.PDEncryption.getFilter--PDEncryption.java-159
│ ├──
org.apache.pdfbox.pdmodel.font.PDSimpleFont.getStandard14Width--PDSimpleFont.java-327
│ ├──
org.apache.pdfbox.pdmodel.font.PDTrueTypeFont.codeToGID--PDTrueTypeFont.java-549
│ ├──
org.apache.pdfbox.pdmodel.font.PDType1CFont.codeToName--PDType1CFont.java-270
│ ├──
org.apache.pdfbox.pdmodel.font.PDType1Font.codeToName--PDType1Font.java-552
│ ├──
org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-321
│ ├──
org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-334
│ └──
org.apache.pdfbox.pdmodel.font.PDType3Font.getCharProc--PDType3Font.java-373
├── java.lang.NumberFormatException
│ ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-657
│ ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-661
│ ├── org.apache.fontbox.type1.Token.floatValue--Token.java-112
│ ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
│ └── org.apache.fontbox.type1.Type1Lexer.tryReadNumber--Type1Lexer.java-337
├── java.lang.StackOverflowError
│ ├── org.apache.pdfbox.cos.COSDictionary.getCOSArray--COSDictionary.java-593
│ ├──
org.apache.pdfbox.cos.COSDictionary.getDictionaryObject--COSDictionary.java-178
│ ├── org.apache.pdfbox.cos.COSName.equals--COSName.java-738
│ ├──
org.apache.pdfbox.io.RandomAccessReadBuffer.read--RandomAccessReadBuffer.java-217
│ ├── org.apache.pdfbox.pdfparser.BaseParser.isValidUTF8--BaseParser.java-788
│ ├── org.apache.pdfbox.pdmodel.PDPageTree.getKids--PDPageTree.java-156
│ ├── org.apache.pdfbox.util.SmallMap.findKey--SmallMap.java-67
│ └── org.apache.pdfbox.util.SmallMap.get--SmallMap.java-126
└── java.nio.BufferUnderflowException
├── org.apache.fontbox.type1.Type1Lexer.getChar--Type1Lexer.java-93
└── org.apache.fontbox.type1.Type1Lexer.readCharString--Type1Lexer.java-472
Any further discussion for these vulnerabilities including fix is welcomed and
look forward to hearing from you.
> A list of bugs found (70 bugs in total)
> ---------------------------------------
>
> Key: PDFBOX-5339
> URL: https://issues.apache.org/jira/browse/PDFBOX-5339
> Project: PDFBox
> Issue Type: Bug
> Affects Versions: 3.0.0 PDFBox
> Reporter: Huang Wenjie
> Priority: Major
>
> 1. Unqiue Bugs Found
> Recently we (Zhang Cen, [https://github.com/occia] and Huang Wenjie
> [https://github.com/ZanderHuang]) discovered a series of bugs in latest
> pdfbox (3.0.0-alpha2).
> Every bug we reported in the following is unique and reproducable.
> Furthermore, they have been manually analyzed and triaged in removing the
> duplicates.
> Due to the lack of contextual knowledge in the pdfbox library, we cannot
> thoroughly fix some bugs hence we look forward to any proposed plan from the
> developers in fixing these bugs.
> 2. Bug Report and Crash Seeds
> The bug report folder can be downloaded from
> [https://drive.google.com/drive/folders/1TMOzudQOVXPKdZ1--NyusyV7kHRA2MSE?usp=sharing]
> It contains both reports and crash seeds.
> 3. Test Program to Reproduce Crashes
> The test program can be downloaded from
> [https://drive.google.com/file/d/1r0OsDC0vg8Qc-XtGg0XDKbxubaPozcBj/view?usp=sharing]
> Total 70 bugs are reported in this issue.
> A full list is provided below.
> 4. Folder structure
> - Level 1 (folder): exception type
> - Level 2 (folder): error location
> - Level 3 (files): POC file and {*}{{*}}report.txt{{*}}{*} including
> reproducing steps
> 5. report.txt content:
> 1. Exception type
> 2. Error location
> 3. Bug cause and impact
> 4. Crash thread's stacks
> 5. Steps to reproduce
>
> 6. Bug full list (crashes under java.lang.IllegalArgumentException and
> IllegalStateException should be wrapped instead of using the common exception
> types)
> pdfbox_reported_crashes_latest
> ├── java.lang.ArrayIndexOutOfBoundsException
> │ ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-781
> │ ├── org.apache.fontbox.cff.Type1CharString.seac--Type1CharString.java-484
> │ ├──
> org.apache.fontbox.ttf.HorizontalMetricsTable.getAdvanceWidth--HorizontalMetricsTable.java-113
> │ ├──
> org.apache.pdfbox.filter.CCITTFaxDecoderStream.decode2D--CCITTFaxDecoderStream.java-218
> │ └──
> org.apache.pdfbox.pdfparser.PDFXrefStreamParser=ObjectNumbers.<init>--PDFXrefStreamParser.java-202
> ├── java.lang.ClassCastException
> │ ├── org.apache.fontbox.cff.CFFParser.parseType1Dicts--CFFParser.java-765
> │ ├──
> org.apache.fontbox.cmap.CMapParser.parseBeginbfrange--CMapParser.java-377
> │ ├──
> org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
> │ ├──
> org.apache.pdfbox.pdmodel.font.PDFont.getAverageFontWidth--PDFont.java-402
> │ ├──
> org.apache.pdfbox.pdmodel.font.PDType1CFont.<init>--PDType1CFont.java-101
> │ └── org.apache.pdfbox.util.Matrix.<init>--Matrix.java-70
> ├── java.lang.IllegalArgumentException
> │ ├──
> org.apache.fontbox.cff.CFFParser=DictData=Entry.getBoolean--CFFParser.java-1247
> │ ├── org.apache.fontbox.cff.CFFParser.readCharset--CFFParser.java-1042
> │ ├── org.apache.fontbox.cff.CFFParser.readEncoding--CFFParser.java-808
> │ ├──
> org.apache.fontbox.cff.Type1CharString.callothersubr--Type1CharString.java-383
> │ ├──
> org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-319
> │ ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-54
> │ ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-58
> │ ├──
> org.apache.pdfbox.pdmodel.font.PDFontFactory.createDescendantFont--PDFontFactory.java-128
> │ ├──
> org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-100
> │ ├──
> org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-104
> │ ├──
> org.apache.pdfbox.pdmodel.font.PDType1Font.<init>--PDType1Font.java-202
> │ └── org.apache.pdfbox.util.Matrix.checkFloatValues--Matrix.java-300
> ├── java.lang.IllegalStateException
> │ ├──
> org.apache.fontbox.cff.CFFCharsetCID.getSIDForGID--CFFCharsetCID.java-59
> │ └── org.apache.pdfbox.pdmodel.PDPageTree.sanitizeType--PDPageTree.java-261
> ├── java.lang.IndexOutOfBoundsException
> │ ├──
> org.apache.fontbox.cff.CFFParser=DictData=Entry.getNumber--CFFParser.java-1229
> │ ├──
> org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-292
> │ ├──
> org.apache.fontbox.cff.Type2CharString.handleType2Command--Type2CharString.java-146
> │ ├── org.apache.fontbox.util.BoundingBox.<init>--BoundingBox.java-65
> │ ├──
> org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
> │ └── org.apache.pdfbox.cos.COSArray.getObject--COSArray.java-205
> ├── java.lang.NegativeArraySizeException
> │ └──
> org.apache.pdfbox.pdfparser.PDFXrefStreamParser.parse--PDFXrefStreamParser.java-123
> ├── java.lang.NullPointerException
> │ ├── org.apache.fontbox.cff.CFFParser.parseFont--CFFParser.java-486
> │ ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-779
> │ ├── org.apache.fontbox.cmap.CMap.toInt--CMap.java-207
> │ ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
> │ ├── org.apache.fontbox.type1.Type1Parser.parseASCII--Type1Parser.java-125
> │ ├── org.apache.fontbox.type1.Type1Parser.parseBinary--Type1Parser.java-530
> │ ├──
> org.apache.fontbox.type1.Type1Parser.readEncoding--Type1Parser.java-210
> │ ├──
> org.apache.fontbox.type1.Type1Parser.readOtherSubrs--Type1Parser.java-714
> │ ├──
> org.apache.fontbox.type1.Type1Parser.readPostScriptWrapper--Type1Parser.java-423
> │ ├── org.apache.fontbox.type1.Type1Parser.readProc--Type1Parser.java-458
> │ ├──
> org.apache.fontbox.type1.Type1Parser.readProcVoid--Type1Parser.java-492
> │ ├── org.apache.fontbox.type1.Type1Parser.read--Type1Parser.java-852
> │ ├──
> org.apache.pdfbox.pdmodel.encryption.PDEncryption.getFilter--PDEncryption.java-159
> │ ├──
> org.apache.pdfbox.pdmodel.font.PDSimpleFont.getStandard14Width--PDSimpleFont.java-327
> │ ├──
> org.apache.pdfbox.pdmodel.font.PDTrueTypeFont.codeToGID--PDTrueTypeFont.java-549
> │ ├──
> org.apache.pdfbox.pdmodel.font.PDType1CFont.codeToName--PDType1CFont.java-270
> │ ├──
> org.apache.pdfbox.pdmodel.font.PDType1Font.codeToName--PDType1Font.java-552
> │ ├──
> org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-321
> │ ├──
> org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-334
> │ └──
> org.apache.pdfbox.pdmodel.font.PDType3Font.getCharProc--PDType3Font.java-373
> ├── java.lang.NumberFormatException
> │ ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-657
> │ ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-661
> │ ├── org.apache.fontbox.type1.Token.floatValue--Token.java-112
> │ ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
> │ └── org.apache.fontbox.type1.Type1Lexer.tryReadNumber--Type1Lexer.java-337
> ├── java.lang.StackOverflowError
> │ ├──
> org.apache.pdfbox.cos.COSDictionary.getCOSArray--COSDictionary.java-593
> │ ├──
> org.apache.pdfbox.cos.COSDictionary.getDictionaryObject--COSDictionary.java-178
> │ ├── org.apache.pdfbox.cos.COSName.equals--COSName.java-738
> │ ├──
> org.apache.pdfbox.io.RandomAccessReadBuffer.read--RandomAccessReadBuffer.java-217
> │ ├──
> org.apache.pdfbox.pdfparser.BaseParser.isValidUTF8--BaseParser.java-788
> │ ├── org.apache.pdfbox.pdmodel.PDPageTree.getKids--PDPageTree.java-156
> │ ├── org.apache.pdfbox.util.SmallMap.findKey--SmallMap.java-67
> │ └── org.apache.pdfbox.util.SmallMap.get--SmallMap.java-126
> └── java.nio.BufferUnderflowException
> ├── org.apache.fontbox.type1.Type1Lexer.getChar--Type1Lexer.java-93
> └──
> org.apache.fontbox.type1.Type1Lexer.readCharString--Type1Lexer.java-472
>
>
> Any further discussion for these vulnerabilities including fix is welcomed
> and look forward to hearing from you.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
