Hi,

When investigating CVE-2017-8378 for wheezy I wrote a patch. However, when trying to reproduce the problem with libpodofo-utils I failed to do so, as it exited before this problem occurred. This means that it is not worth fixing in wheezy.
However you may be interested in the patch anyway. So here it is.

Best regards

// Ola

--
--- Inguza Technology AB --- MSc in Information Technology ---- / [email protected] Folkebogatan 26 \ | [email protected] 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
Author: Ola Lundqvist <[email protected]> The check for i range is part of CVE-2017-8378. The check for !pObject was added as later revision of the software had that. Index: libpodofo-0.9.0/src/base/PdfParser.cpp =================================================================== --- libpodofo-0.9.0.orig/src/base/PdfParser.cpp 2017-06-05 09:16:50.000000000 +0000 +++ libpodofo-0.9.0/src/base/PdfParser.cpp 2017-06-05 09:23:43.545380165 +0000 @@ -876,7 +876,14 @@ if( pEncrypt->IsReference() ) { i = pEncrypt->GetReference().ObjectNumber(); + if (i < 0 || + i > m_offsets.size()) { + PODOFO_RAISE_ERROR( ePdfError_ValueOutOfRange ); + } pObject = new PdfParserObject( m_vecObjects, m_device, m_buffer, m_offsets[i].lOffset ); + if( !pObject ) { + PODOFO_RAISE_ERROR( ePdfError_OutOfMemory ); + } pObject->SetLoadOnDemand( false ); // Never load this on demand, as we will use it immediately try { pObject->ParseFile( NULL ); // The encryption dictionary is not encrypted :)
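Review bot: The upper bound in the added range check, `i > m_offsets.size()`, is off by one: when i equals m_offsets.size() the check passes and `m_offsets[i].lOffset` on the following line still reads one element past the end, so the comparison should be `i >= m_offsets.size()`. The `i < 0` half only has an effect if i is a signed type, in which case the comparison against the unsigned size() mixes signedness and is clearer with an explicit cast after the sign check. Separately, the added `if( !pObject )` follows a plain `new PdfParserObject( ... )`, which in standard C++ throws std::bad_alloc on failure instead of returning null, so the ePdfError_OutOfMemory branch is unreachable unless the allocation is changed to the nothrow form or the failure is caught as an exception.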

