On the latest version of PoDoFo (RELEASE_0.9.5_rc1), there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (src/base/PdfXRefStreamParserObject.cpp), which can cause a denial of service via a crafted PDF file.
src/src/base/PdfXRefStreamParserObject.cpp:125:64: runtime error: signed integer overflow: 3 + 9223372036854775807 cannot be represented in type 'long int '
To reproduce the issue, compile PoDoFo with UBSAN ("-fsanitize=undefined"), then execute: podofoimgextract $POC OUTPUT_DIR
The POC file can be downloaded from:
Created attachment 1377905
PoC to trigger this vulnerability
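The sanitizer message above points at a signed addition on values read straight from the xref stream dictionary. As an added example (not PoDoFo's code; the field names, the struct layout and the exact expression at the reported line are assumptions), here is how an xref-stream parser can validate the /Index object range and the /W field widths with overflow-checked arithmetic before entering the entry loop, with the unchecked form kept beside the checked one for comparison:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical representation of the dictionary values an xref-stream parser
 * reads before walking the entries: one /Index pair (first object number,
 * entry count) and the three /W field widths. Names are assumptions, not
 * PoDoFo's own. */
typedef struct {
    int64_t first;   /* first object number of this /Index range */
    int64_t count;   /* number of entries in the range */
    int64_t w[3];    /* /W widths in bytes: type, field 2, field 3 */
} xref_stream_params;

enum xref_check {
    XREF_OK = 0,
    XREF_NEGATIVE_VALUE = 1,
    XREF_RANGE_OVERFLOW = 2,
    XREF_WIDTH_OVERFLOW = 3,
    XREF_WIDTH_TOO_LARGE = 4
};

/* Unchecked computation of the object number one past the range. This is the
 * shape of arithmetic UBSAN flags as signed overflow when a crafted file
 * supplies count = INT64_MAX; kept only for comparison and never called on
 * unvalidated input. */
int64_t xref_range_end_unchecked(const xref_stream_params *p) {
    return p->first + p->count;
}

/* Checked variant: rejects negative inputs and reports overflow instead of
 * performing it. On success writes first + count to *end. */
enum xref_check xref_range_end_checked(const xref_stream_params *p, int64_t *end) {
    if (p->first < 0 || p->count < 0)
        return XREF_NEGATIVE_VALUE;
    int64_t sum;
    if (__builtin_add_overflow(p->first, p->count, &sum))
        return XREF_RANGE_OVERFLOW;
    *end = sum;
    return XREF_OK;
}

/* Checked sum of the /W widths (bytes per entry). A field wider than 8 bytes
 * cannot be loaded into a 64-bit integer anyway, so each width is capped. */
enum xref_check xref_entry_length_checked(const xref_stream_params *p, int64_t *len) {
    int64_t total = 0;
    for (int i = 0; i < 3; i++) {
        if (p->w[i] < 0)
            return XREF_NEGATIVE_VALUE;
        if (p->w[i] > 8)
            return XREF_WIDTH_TOO_LARGE;
        if (__builtin_add_overflow(total, p->w[i], &total))
            return XREF_WIDTH_OVERFLOW;
    }
    *len = total;
    return XREF_OK;
}

/* Validate both quantities; a parser would refuse the xref stream on any
 * non-zero result rather than continue into the entry loop. */
enum xref_check xref_validate(const xref_stream_params *p) {
    int64_t end, len;
    enum xref_check rc = xref_range_end_checked(p, &end);
    if (rc != XREF_OK)
        return rc;
    return xref_entry_length_checked(p, &len);
}

int main(void) {
    /* Constructed samples: the first mirrors the sanitizer report (3 + INT64_MAX). */
    xref_stream_params crafted = { .first = 3, .count = INT64_MAX, .w = {1, 2, 1} };
    xref_stream_params sane    = { .first = 0, .count = 16,        .w = {1, 4, 2} };
    printf("crafted: %d\n", (int)xref_validate(&crafted));
    printf("sane:    %d\n", (int)xref_validate(&sane));
    return 0;
}
```

The design choice is to fail the whole xref stream on the first bad value: the parser has no sensible recovery once the range or the entry length cannot be represented, and rejecting early keeps the later loops (entry count times entry length, offset plus index) within bounds it has already proven.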
@probefuzzer: This issue was assigned CVE-2018-5295, was it reported upstream?
(In reply to Salvatore Bonaccorso from comment #2)
> @probefuzzer: This issue was assigned CVE-2018-5295, was it reported
Thanks for your work.
We have notified podofo developers via mailing list.