Package: poppler
Version: 0.18.4-6
Severity: important
Tags: security

Following attached sample file crashes poppler library as demonstrated with pdfinfo utility and also tested with xpdf version 3.03. Sample file is fuzzed with AFL <http://lcamtuf.coredump.cx/afl/>.

47c3a99686e97e882db1f873a6b70bc12bb58ec9  afl-poppler-sample-001.pdf

Starting program: pdfinfo afl-poppler-sample-001.pdf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Error: PDF file is damaged - attempting to reconstruct xref table...
Error (892): Dictionary key must be a name object
Error (900): Dictionary key must be a name object
Error (958): Illegal character ')'
Error: Unterminated string
Error: End of file inside array
Error: End of file inside dictionary
Error: PDF file is damaged - attempting to reconstruct xref table...
Error (892): Dictionary key must be a name object
Error (900): Dictionary key must be a name object
Error (958): Illegal character ')'
Error: Unterminated string
Error: End of file inside array
Error: End of file inside dictionary

Program received signal SIGSEGV, Segmentation fault.
0x00000000005fa1f0 in XRef::getEntry (this=this@entry=0xa699d0, i=<optimized out>) at XRef.cc:1317
1317	        errCode = errDamaged;
(gdb) bt
#0  0x00000000005fa1f0 in XRef::getEntry (this=this@entry=0xa699d0, i=<optimized out>) at XRef.cc:1317
#1  0x00000000005fccd0 in XRef::fetch (this=0xa699d0, num=1, gen=0, obj=0x7fffffffe680, fetchOriginatorNums=0x0) at XRef.cc:982
#2  0x000000000040b035 in getCatalog (obj=0x7fffffffe680, this=<optimized out>) at XRef.h:101
#3  Catalog::Catalog (this=0xa69d30, xrefA=<optimized out>) at Catalog.cc:88
#4  0x000000000059ec69 in PDFDoc::setup (this=this@entry=0xa69590, ownerPassword=ownerPassword@entry=0x0, userPassword=userPassword@entry=0x0) at PDFDoc.cc:260
#5  0x000000000059f39d in PDFDoc::PDFDoc (this=0xa69590, fileNameA=<optimized out>, ownerPassword=0x0, userPassword=0x0, guiDataA=<optimized out>) at PDFDoc.cc:154
#6  0x00000000007e99b5 in LocalPDFDocBuilder::buildPDFDoc (this=<optimized out>, uri=..., ownerPassword=0x0, userPassword=0x0, guiDataA=0x0) at LocalPDFDocBuilder.cc:31
#7  0x0000000000404102 in main (argc=2, argv=0x7fffffffeaf8) at pdfinfo.cc:172
#8  0x00007ffff62deead in __libc_start_main (main=<optimized out>, argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffeae8) at libc-start.c:244
#9  0x0000000000405cd5 in _start ()
(gdb) list
1312	      }
1313	    }
1314	    if (followed) {
1315	      error(-1, "Circular XRef");
1316	      if (!(ok = constructXRef(NULL))) {
1317	        errCode = errDamaged;
1318	      }
1319	      break;
1320	    }
1321

-- 
Henri Salo
afl-poppler-sample-001.pdf
Description: Adobe PDF document