SB2017031525 - Multiple vulnerabilities in podofo.sourceforge.net podofo
Published: March 15, 2017 Updated: August 8, 2020
Description
This security bulletin contains information about 27 security vulnerabilities.
1) Uncontrolled Recursion (CVE-ID: CVE-2018-11254)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in PoDoFo 0.9.5. There is excessive recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp, an issue related to CVE-2017-8054. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted PDF file.
2) NULL pointer dereference (CVE-ID: CVE-2018-11255)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted PDF document.
3) NULL pointer dereference (CVE-ID: CVE-2018-11256)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted PDF document.
4) Buffer overflow (CVE-ID: CVE-2018-8000)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, an issue related to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted PDF file.
5) Out-of-bounds read (CVE-ID: CVE-2018-8001)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted PDF file.
6) Infinite loop (CVE-ID: CVE-2018-8002)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted PDF file.
7) Resource exhaustion (CVE-ID: CVE-2018-6352)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In PoDoFo 0.9.5, there is excessive iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted PDF file.
8) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2018-5783)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted PDF file.
9) NULL pointer dereference (CVE-ID: CVE-2018-5308)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted PDF file.
10) Integer overflow (CVE-ID: CVE-2018-5309)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted PDF file.
11) Integer overflow (CVE-ID: CVE-2018-5295)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted PDF file.
12) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2018-5296)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted PDF file.
13) Out-of-bounds read (CVE-ID: CVE-2017-8787)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5. A remote attacker can perform a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.
14) Heap-based buffer overflow (CVE-ID: CVE-2017-8378)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5. A remote attacker can use vectors related to m_offsets.size to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
15) Infinite loop (CVE-ID: CVE-2017-8054)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.
16) Infinite loop (CVE-ID: CVE-2017-8053)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).
17) NULL pointer dereference (CVE-ID: CVE-2017-7994)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted PDF document.
18) Out-of-bounds read (CVE-ID: CVE-2017-7379)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5. A remote attacker can perform a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.
19) NULL pointer dereference (CVE-ID: CVE-2017-7380)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted PDF document.
20) NULL pointer dereference (CVE-ID: CVE-2017-7381)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted PDF document.
21) NULL pointer dereference (CVE-ID: CVE-2017-7382)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted PDF document.
22) NULL pointer dereference (CVE-ID: CVE-2017-7383)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted PDF document.
23) Out-of-bounds read (CVE-ID: CVE-2017-7378)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5. A remote attacker can perform a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.
24) Out-of-bounds read (CVE-ID: CVE-2017-6840)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.
25) NULL pointer dereference (CVE-ID: CVE-2017-6841)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted file.
26) NULL pointer dereference (CVE-ID: CVE-2017-6842)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted file.
27) NULL pointer dereference (CVE-ID: CVE-2017-6848)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted file.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.