David Justamante created PDFBOX-6043:
----------------------------------------
Summary: Potential OOM in Type1Lexer
Key: PDFBOX-6043
URL: https://issues.apache.org/jira/browse/PDFBOX-6043
Project: PDFBox
Issue Type: Bug
Components: Parsing
Affects Versions: 4.0.0
Reporter: David Justamante
Attachments: example.pdf, simple-patch.diff
This issue is being *manually* filed by the competition organizers. We
recognize there is a number of AI generated submissions as of late. We have
gone through the manual process of bug/patch validation to prevent unnecessary
"noise", respecting maintainers' time.
This submission is being sent as part of DARPA's AIxCC competition.
(https://aicyberchallenge.com) This issue was discovered and validated by
competition engineers during challenge development. The patch was manually
constructed by the competition engineers.
Read length then allocate without validation or bounds checking this can cause
an OOM when heap is < 2gb.
We're attaching a patch with a simple check with a hard limit.
(AIxCC Internal: CHA-1726)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
