David Justamante created PDFBOX-6037:
----------------------------------------

Summary: Potential OOM in XrefStreamParser
Key: PDFBOX-6037
URL: https://issues.apache.org/jira/browse/PDFBOX-6037
Project: PDFBox
Issue Type: Bug
Components: Parsing
Affects Versions: 4.0.0
Reporter: David Justamante
Attachments: example.pdf, simple_patch.diff

This issue is being _*manually*_ filed by the competition organizers. We recognize there are a number of AI generated submissions as of late. We have gone through the manual process of bug/patch validation to prevent unnecessary "noise", respecting maintainers' time.

This submission is being sent as part of DARPA's AIxCC competition (https://aicyberchallenge.com). This issue was discovered by an autonomous Cyber Reasoning System (CRS) and validated by competition engineers. The patch was manually constructed by the competition engineers.

XrefStreamParser - Read length then allocate without validation or bounds checking. This can cause OOM if heap is < 2g. We understand if this is a "won't fix" from an allocation perspective, but it feels like the allocation should happen after some verification that the stream is really there and really of that length.

We're attaching a triggering file and an example simple patch that trivially sets a hard limit on the stream length. The example file was generated by a competitor's system in the AIxCC competition.

(AIxCC Internal: CHA-1725)
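
The pattern the report describes, next to the ordering it asks for (validate the length, then allocate only as data actually arrives), as an added Java example. This is not PDFBox code and not the attached simple_patch.diff; the class, the method names and the 64 MiB cap are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

// Added illustration; class, method and constant names are hypothetical, not PDFBox's.
public class DeclaredLengthRead {
    // Assumed cap for this example; the page does not state the limit used in simple_patch.diff.
    static final long MAX_DECLARED_LENGTH = 64L * 1024 * 1024;

    // Pattern from the report: the declared length sizes the buffer before any data is seen.
    static byte[] readTrusting(InputStream in, long declaredLength) throws IOException {
        byte[] buf = new byte[(int) declaredLength]; // heap is committed on the file's say-so
        int off = 0;
        while (off < buf.length) {
            int n = in.read(buf, off, buf.length - off);
            if (n < 0) throw new IOException("stream shorter than declared length");
            off += n;
        }
        return buf;
    }

    // Hardened: reject out-of-range lengths, then grow the buffer only as bytes arrive.
    static byte[] readVerified(InputStream in, long declaredLength) throws IOException {
        if (declaredLength < 0 || declaredLength > MAX_DECLARED_LENGTH) {
            throw new IOException("declared length out of range: " + declaredLength);
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] chunk = new byte[8192];
        long remaining = declaredLength;
        while (remaining > 0) {
            int n = in.read(chunk, 0, (int) Math.min(chunk.length, remaining));
            if (n < 0) throw new IOException("stream ended " + remaining + " bytes short");
            out.write(chunk, 0, n);
            remaining -= n;
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] body = "constructed sample body".getBytes(); // constructed input
        System.out.println(readVerified(new ByteArrayInputStream(body), body.length).length);
        for (long lying : new long[] {Integer.MAX_VALUE, 1_000_000L}) { // lengths the data does not back
            try {
                readVerified(new ByteArrayInputStream(body), lying);
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The second rejected case is within the cap but longer than the data: memory use stays proportional to the bytes actually read, which is the "verify before allocating" behaviour the report asks for beyond a hard limit.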