Created attachment 1400720 [details]
poc file of podofo infinite loop vulnerability

Description of problem:
In PoDoFo 0.9.5 (the latest stable version), there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. The backtrace below shows the loop as unbounded recursion: PdfTokenizer::ReadArray(), ReadDataType() and GetNextVariant() call one another repeatedly (more than 58,000 frames) until the stack is exhausted and the process receives SIGSEGV. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially remote code execution via a crafted PDF file.

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x000055555563b026 in PoDoFo::PdfTokenizer::DetermineDataType(char const*, PoDoFo::EPdfTokenType, PoDoFo::PdfVariant&) ()
#0 0x000055555563b026 in PoDoFo::PdfTokenizer::DetermineDataType(char const*, PoDoFo::EPdfTokenType, PoDoFo::PdfVariant&) ()
#1 0x000055555563afda in PoDoFo::PdfTokenizer::GetNextVariant(char const*, PoDoFo::EPdfTokenType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#2 0x000055555563c08b in PoDoFo::PdfTokenizer::ReadArray(PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#3 0x000055555563b918 in PoDoFo::PdfTokenizer::ReadDataType(PoDoFo::EPdfDataType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#4 0x000055555563b012 in PoDoFo::PdfTokenizer::GetNextVariant(char const*, PoDoFo::EPdfTokenType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#5 0x000055555563c08b in PoDoFo::PdfTokenizer::ReadArray(PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#6 0x000055555563b918 in PoDoFo::PdfTokenizer::ReadDataType(PoDoFo::EPdfDataType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#7 0x000055555563b012 in PoDoFo::PdfTokenizer::GetNextVariant(char const*, PoDoFo::EPdfTokenType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#8 0x000055555563c08b in PoDoFo::PdfTokenizer::ReadArray(PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#9 0x000055555563b918 in PoDoFo::PdfTokenizer::ReadDataType(PoDoFo::EPdfDataType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#10 0x000055555563b012 in PoDoFo::PdfTokenizer::GetNextVariant(char const*, PoDoFo::EPdfTokenType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#11 0x000055555563c08b in PoDoFo::PdfTokenizer::ReadArray(PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#12 0x000055555563b918 in PoDoFo::PdfTokenizer::ReadDataType(PoDoFo::EPdfDataType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#13 0x000055555563b012 in PoDoFo::PdfTokenizer::GetNextVariant(char const*, PoDoFo::EPdfTokenType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
... ... ...
#58208 0x000055555563c08b in PoDoFo::PdfTokenizer::ReadArray(PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58209 0x000055555563b918 in PoDoFo::PdfTokenizer::ReadDataType(PoDoFo::EPdfDataType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58210 0x000055555563b012 in PoDoFo::PdfTokenizer::GetNextVariant(char const*, PoDoFo::EPdfTokenType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58211 0x000055555563c08b in PoDoFo::PdfTokenizer::ReadArray(PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58212 0x000055555563b918 in PoDoFo::PdfTokenizer::ReadDataType(PoDoFo::EPdfDataType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58213 0x000055555563b012 in PoDoFo::PdfTokenizer::GetNextVariant(char const*, PoDoFo::EPdfTokenType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58214 0x000055555563c08b in PoDoFo::PdfTokenizer::ReadArray(PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58215 0x000055555563b918 in PoDoFo::PdfTokenizer::ReadDataType(PoDoFo::EPdfDataType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58216 0x000055555563b012 in PoDoFo::PdfTokenizer::GetNextVariant(char const*, PoDoFo::EPdfTokenType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58217 0x000055555563c08b in PoDoFo::PdfTokenizer::ReadArray(PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58218 0x000055555563b918 in PoDoFo::PdfTokenizer::ReadDataType(PoDoFo::EPdfDataType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58219 0x000055555563b012 in PoDoFo::PdfTokenizer::GetNextVariant(char const*, PoDoFo::EPdfTokenType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58220 0x000055555563af72 in PoDoFo::PdfTokenizer::GetNextVariant(PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58221 0x000055555563bd67 in PoDoFo::PdfTokenizer::ReadDictionary(PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58222 0x000055555563b8fc in PoDoFo::PdfTokenizer::ReadDataType(PoDoFo::EPdfDataType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58223 0x000055555563b012 in PoDoFo::PdfTokenizer::GetNextVariant(char const*, PoDoFo::EPdfTokenType, PoDoFo::PdfVariant&, PoDoFo::PdfEncrypt*) ()
#58224 0x00005555556b4c4e in PoDoFo::PdfParserObject::ParseFileComplete(bool) ()
#58225 0x00005555556b5576 in PoDoFo::PdfParserObject::DelayedLoadImpl() ()
#58226 0x00005555556254c8 in PoDoFo::PdfVariant::DelayedLoad() const ()
#58227 0x00005555556b4acd in PoDoFo::PdfParserObject::ParseFile(PoDoFo::PdfEncrypt*, bool) ()
#58228 0x00005555556ad3f4 in PoDoFo::PdfParser::ReadTrailer() ()
#58229 0x00005555556ab37c in PoDoFo::PdfParser::ReadDocumentStructure() ()
#58230 0x00005555556ab017 in PoDoFo::PdfParser::ParseFile(PoDoFo::PdfRefCountedInputDevice const&, bool) ()
#58231 0x00005555556aad5d in PoDoFo::PdfParser::ParseFile(char const*, bool) ()
#58232 0x00005555556725dd in PoDoFo::PdfMemDocument::Load(char const*, bool) ()
#58233 0x0000555555671bd4 in PoDoFo::PdfMemDocument::PdfMemDocument(char const*, bool) ()
#58234 0x000055555561f00d in PdfInfo::PdfInfo(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ()
#58235 0x0000555555623448 in main ()

Version-Release number of selected component (if applicable):
0.9.5

How reproducible:
use podofopdfinfo to read crafted pdf files.

Steps to Reproduce:
1. podofopdfinfo $POCFILE
2.
3.

Actual results:

Expected results:

Additional info:
EPEL 7 entered end-of-life (EOL) status on 2024-06-30.

EPEL 7 is no longer maintained, which means that it will not receive any further security or bug fix updates.
As a result we are closing this bug.