oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

podofo: signed integer overflow in PdfParser.cpp

From: Agostino Sarubbo <ago () gentoo org>
Date: Wed, 01 Feb 2017 16:11:32 +0100
Description:
podofo is a C++ library to work with the PDF file format.

A fuzz on it with the UBSAN discovered a signed integer overflow. The upstream 
project denies me to open a new ticket. So, I’m unable to communicate with 
them.

The complete UBSan output:

# podofopdfinfo $FILE
/tmp/portage/app-
text/podofo-0.9.4/work/podofo-0.9.4/src/base/PdfParser.cpp:757:23: runtime 
error: signed integer overflow: 9223372036854775807 + 9 cannot be represented 
in type 'long'

Affected version:
0.9.4

Fixed version:
N/A

Commit fix:
N/A

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
N/A

Reproducer:
https://github.com/asarubbo/poc/blob/master/00144-podofo-signintoverflow-PdfParser

Timeline:
2017-01-05: bug discovered
2017-02-01: blog post about the issue

Note:
This bug was found with American Fuzzy Lop.

Permalink:
https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp

-- 
Agostino Sarubbo
Gentoo Linux Developer
Previous By Date Next
Previous By Thread Next

Current thread: