Bug 1532390 - Undefined behavior (memcpy with NULL pointer) in PdfMemoryOutputStream::Write (src/base/PdfOutputStream.cpp)
Summary: Undefined behavior (memcpy with NULL pointer) in PdfMemoryOutputStream::Writ...
Keywords:
Status: NEW
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: podofo
Version: epel7
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Dan Horák
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-01-08 21:32 UTC by probefuzzer
Modified: 2018-01-11 21:49 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:

Attachments (Terms of Use)
POC for podofoimgextract issue (7.76 KB, application/pdf)
2018-01-08 21:32 UTC, probefuzzer 		no flags Details
View All

Description probefuzzer 2018-01-08 21:32:29 UTC 
Created attachment 1378732 [details]
POC for podofoimgextract issue

on 0.9.5 (the latest version) of podofo:
there is an undefined behavior (memcpy with null pointer) in PdfMemoryOutputStream::Write function (src/base/PdfOutputStream.cpp), which can cause denial of service (crash) or possibly other unspecified impacts via a crafted pdf file.

src/base/PdfOutputStream.cpp:124:48: runtime error: null pointer passed as argument 2, which is declared to never be null

To reproduce the issue, compile podofo with UBSAN "-fsanitize=undefined",
then execute: podofoimgextract $POC OUTPUT_DIR

The POC file is attached.
Comment 1 Salvatore Bonaccorso 2018-01-09 09:47:48 UTC 
This issue was assigned CVE-2018-5308.
Comment 2 probefuzzer 2018-01-11 21:49:33 UTC 
(In reply to Salvatore Bonaccorso from comment #1)
> This issue was assigned CVE-2018-5308.

Thanks for your work. 
We have notified podofo developers via mailing list.
Note You need to log in before you can comment on or make changes to this bug.