Created attachment 1378729
POC for podofo integer overflow issue
on 0.9.5 (the latest version):
there is a signed integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (src/base/PdfObjectStreamParserObject.cpp), which can cause denial of service via a crafted PDF file.
src/base/PdfObjectStreamParserObject.cpp:99:30: runtime error: signed integer overflow: 94 + 9223372036854775807 cannot be represented in type 'long int'
To reproduce the issue, compile libming with UBSAN "-fsanitize=undefined",
then execute: podofoimgextract $POC OUTPUT_DIR
The POC is attached.
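An added defensive example, not code from podofo or from this report: a checked offset computation in C that rejects the operand pair UBSAN flagged (94 + 9223372036854775807) before the addition is performed, and additionally bounds the result by the decoded stream length. The function name, its parameters and the stream-length bound are assumptions, not podofo's API.

```c
/* Added example (not podofo's code): a bounds-checked offset computation of
   the kind an object-stream parser needs when it adds the stream's /First
   value to a per-object offset. Constructed inputs mirror the UBSAN report. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Compute first + offset, refusing any result that would overflow int64_t
   or that lies outside [0, stream_len). Returns true only on success and
   writes the validated position to *out. */
bool checked_object_offset(int64_t first, int64_t offset,
                           int64_t stream_len, int64_t *out)
{
    /* Negative values cannot be valid stream positions or lengths. */
    if (first < 0 || offset < 0 || stream_len < 0)
        return false;
    /* Both operands are non-negative, so this test is exact and
       itself cannot overflow: it catches 94 + INT64_MAX. */
    if (first > INT64_MAX - offset)
        return false;
    int64_t pos = first + offset;
    /* The object must start inside the decoded stream buffer. */
    if (pos >= stream_len)
        return false;
    *out = pos;
    return true;
}

int main(void)
{
    int64_t pos = 0;
    /* Constructed case 1: the operands from the sanitizer report. */
    if (!checked_object_offset(94, INT64_MAX, 4096, &pos))
        puts("rejected: 94 + 9223372036854775807 would overflow");
    /* Constructed case 2: a plausible, in-bounds object offset. */
    if (checked_object_offset(94, 10, 4096, &pos))
        printf("accepted: object starts at byte %" PRId64 "\n", pos);
    return 0;
}
```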
CVE-2018-5309 was assigned for this issue.
Can you notify upstream about this issue?
(In reply to Salvatore Bonaccorso from comment #1)
> CVE-2018-5309 was assigned for this issue.
> Can you notify upstream about this issue?
Thanks for your work.
We have notified podofo developers via mailing list.