Created attachment 1378729 [details] POC for podofo integer overflow issue on 0.9.5 (the latest version): there is a signed integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (src/base/PdfObjectStreamParserObject.cpp), which can cause denial of service via a crafted pdf file. src/base/PdfObjectStreamParserObject.cpp:99:30: runtime error: signed integer overflow: 94 + 9223372036854775807 cannot be represented in type 'long int' To reproduce the issue, compile libming with UBSAN "-fsanitize=undefined", then execute: podofoimgextract $POC OUTPUT_DIR The POC is attached.
CVE-2018-5309 was assigned for this issue. Can you notify upstream about this issue?
(In reply to Salvatore Bonaccorso from comment #1) > CVE-2018-5309 was assigned for this issue. > > Can you notify upstream about this issue? Thanks for your work. We have notified podofo developers via mailing list.
EPEL 7 entered end-of-life (EOL) status on 2024-06-30.\n\nEPEL 7 is no longer maintained, which means that it\nwill not receive any further security or bug fix updates.\n As a result we are closing this bug.