[Podofo-users] Integer Overflow in PdfXRefStreamParserObject::ParseStream

Probe Fuzzer Sat, 06 Jan 2018 06:26:34 -0800

Hello,
we found that on latest version of PoDoFo (RELEASE_0.9.5_rc1), there is an
integer overflow in the PdfXRefStreamParserObject::ParseStream function
(src/base/PdfXRefStreamParserObject.cpp), which can cause denial of service
via a crafted pdf file.


src/src/base/PdfXRefStreamParserObject.cpp:125:64: runtime error: signed
integer overflow: 3 + 9223372036854775807 cannot be represented in type
'long int [3]'

To reproduce the issue, compile PoDoFo with UBSAN "-fsanitize=undefined",
then execute： podofoimgextract $POC OUTPUT_DIR

The POC file can be downloaded from:
https://github.com/ProbeFuzzer/poc/blob/master/podofo/podofo_0-9-5-rc1_podofoimgextract_integer-overflow_PdfXRefStreamParserObject-ParseStream.pdf


Thanks,

ProbeFuzzer

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users

[Podofo-users] Integer Overflow in PdfXRefStreamParserObject::ParseStream

Reply via email to