Bug 1622951
| Summary: | poppler: Infinite recursion in poppler/Parser.cc:Parser::getObj() function | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Krace <merc.ouc> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | unspecified | CC: | carnil, merc.ouc, mkasik, psampaio |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Unspecified | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Last Closed: | 2021-10-19 09:04:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Hello Krace,

Can you share any more information on this issue?

Also, please report this upstream at:

https://gitlab.freedesktop.org/poppler/poppler/issues/new?issue

(In reply to Pedro Sampaio from comment #1)
> Hello Krace,
>
> Can you share any more information on this issue?
>
> Also, please report this upstream at:
>
> https://gitlab.freedesktop.org/poppler/poppler/issues/new?issue

I'm sorry to reply so late. You can see the poc file to reproduce the problem, and I will report it to the https://gitlab.freedesktop.org/poppler/poppler/issues/new?issue

Hi,

I've prepared a patch fixing this issue. The issue is similar to the https://bugs.freedesktop.org/show_bug.cgi?id=96217 which was not fixed yet. The processing of the PDF is not infinite, it just takes a lot of time :). The fix consists of detection of duplicated objects. See https://gitlab.freedesktop.org/poppler/poppler/merge_requests/67 for additional info.

(In reply to Marek Kašík from comment #3)
> Hi,
>
> I've prepared a patch fixing this issue. The issue is similar to the
> https://bugs.freedesktop.org/show_bug.cgi?id=96217 which was not fixed yet.
> The processing of the PDF is not infinite, it just takes a lot of time :).
> The fix consists of detection of duplicated objects. See
> https://gitlab.freedesktop.org/poppler/poppler/merge_requests/67 for
> additional info.

Thanks for your patch, I happen to rethink the problem yesterday. :)
Created attachment 1479179
the poc file

Description of problem:
In poppler 0.68.0, the Parser::getObj() function in poppler/Parser.cc may cause an infinite recursion by a crafted poc file. A remote attacker can leverage it to cause a DoS attack.

Version-Release number of selected component (if applicable):
poppler 0.68.0

How reproducible:
Just use `pdftohtml` to reproduce.

Steps to Reproduce:
1. ./pdftohtml poc.pdf
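
Comment #3 describes the fix as detection of duplicated objects and notes that the processing is slow rather than infinite. The following C++ is an added example of that idea, not code from poppler or from the merge request: the object table, function names and visit budget are hypothetical, and it assumes "duplicated" means the same object number being reached again during recursive resolution.

```cpp
// Added illustration, not poppler code. An object is a list of references to other objects.
#include <cstdint>
#include <iostream>
#include <map>
#include <set>
#include <vector>

using ObjNum = int;
using Graph = std::map<ObjNum, std::vector<ObjNum>>;  // hypothetical object table

// Unguarded recursion: an object is parsed again on every reference to it.
// Returns the number of visits, stopping once `budget` is exceeded.
std::uint64_t resolveNaive(const Graph &g, ObjNum n, std::uint64_t budget,
                           std::uint64_t visits = 0) {
    if (++visits > budget) return visits;
    auto it = g.find(n);
    if (it == g.end()) return visits;
    for (ObjNum ref : it->second)
        if ((visits = resolveNaive(g, ref, budget, visits)) > budget) break;
    return visits;
}

// Guarded recursion: an object number seen before is counted as a duplicate
// and skipped, so work is bounded by the number of distinct objects.
std::uint64_t resolveGuarded(const Graph &g, ObjNum n, std::set<ObjNum> &seen,
                             std::uint64_t &duplicates) {
    if (!seen.insert(n).second) { ++duplicates; return 0; }
    std::uint64_t visits = 1;
    auto it = g.find(n);
    if (it == g.end()) return visits;
    for (ObjNum ref : it->second) visits += resolveGuarded(g, ref, seen, duplicates);
    return visits;
}

// Constructed sample: objects 0..depth-1 each reference the next object twice.
Graph makeFanout(int depth) {
    Graph g;
    for (int i = 0; i < depth; ++i) g[i] = {i + 1, i + 1};
    g[depth].clear();  // leaf object with no references
    return g;
}

int main() {
    Graph g = makeFanout(16);
    std::set<ObjNum> seen;
    std::uint64_t dups = 0;
    std::cout << resolveNaive(g, 0, 1000000) << " visits unguarded, "
              << resolveGuarded(g, 0, seen, dups) << " guarded\n";
}
```

On the constructed 16-level input the unguarded walk makes 131071 visits and the guarded one 17; the same guard also ends a walk over a reference cycle after the first duplicate.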