[
https://issues.apache.org/jira/browse/PDFBOX-6037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tilman Hausherr updated PDFBOX-6037:
------------------------------------
Fix Version/s: 2.0.35
3.0.6 PDFBox
4.0.0
> Potential OOM in XrefStreamParser
> ---------------------------------
>
> Key: PDFBOX-6037
> URL: https://issues.apache.org/jira/browse/PDFBOX-6037
> Project: PDFBox
> Issue Type: Bug
> Components: Parsing
> Affects Versions: 2.0.34, 3.0.5 PDFBox, 4.0.0
> Reporter: David Justamante
> Priority: Minor
> Labels: patch
> Fix For: 2.0.35, 3.0.6 PDFBox, 4.0.0
>
> Attachments: example.pdf, simple_patch.diff
>
>
> This issue is being _*manually*_ filed by the competition organizers. We
> recognize there is a number of AI generated submissions as of late. We have
> gone through the manual process of bug/patch validation to prevent
> unnecessary "noise", respecting maintainers' time.
> This submission is being sent as part of DARPA's AIxCC competition.
> ([https://aicyberchallenge.com)|https://aicyberchallenge.com)/] This issue
> was discovered by an autonomous Cyber Reasoning System (CRS) and validated by
> competition engineers. The patch was manually constructed by the competition
> engineers.
> XrefStreamParser - Read length then allocate without validation or bounds
> checking. This can cause OOM if heap is < 2g.
> We understand if this is a "won't fix" from an allocation perspective, but it
> feels like the allocation should happen after some verification that the
> stream is really there and really of that length.
> We're attaching a triggering file and an example simple patch that trivially
> sets a hard limit on the stream length. The example file was generated by
> competitor's system in the AIxCC competition.
> (AIxCC Internal: CHA-1725)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
