PoDoFo 0.9.4 File Denial of Service Vulnerability

Summary

PoDoFo is a C++ library to work with the PDF file format. A fuzz on it discovered an infinite loop. The upstream project does not allow me to open a new ticket, so I am unable to communicate with them.

Credit:

The information has been provided by Agostino Sarubbo.
The original article can be found at: http://www.securityfocus.com/bid/97032


Details

Vulnerable Systems:
 * PoDoFo 0.9.4

The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.
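
PDF page attributes such as MediaBox are inherited by following each page's /Parent reference up the page tree, so a lookup that follows those references without a bound does not terminate when they form a loop. The sketch below is an added example, not PoDoFo's code: it assumes the crafted file contains such a /Parent cycle, and the object table, findInherited and kMaxDepth are hypothetical names. It shows an inherited-key lookup that tracks visited objects and caps the depth.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <string>
// Constructed stand-in for a parsed PDF object table (not PoDoFo's types).
struct Node {
    std::map<std::string, std::string> keys; // dictionary entries, e.g. MediaBox
    int parent = 0;                          // object number of /Parent, 0 = none
};
using ObjectTable = std::map<int, Node>;

enum class Lookup { Found, NotFound, Cycle, TooDeep };
constexpr int kMaxDepth = 1000; // assumed limit, far deeper than real page trees

// Walk the /Parent chain looking for `key`, refusing to revisit an object.
Lookup findInherited(const ObjectTable& objs, int start,
                     const std::string& key, std::string& value) {
    std::set<int> seen;
    int cur = start;
    for (int depth = 0; cur != 0; ++depth) {
        if (depth >= kMaxDepth) return Lookup::TooDeep;
        if (!seen.insert(cur).second) return Lookup::Cycle; // already visited
        auto it = objs.find(cur);
        if (it == objs.end()) return Lookup::NotFound;      // dangling /Parent
        auto k = it->second.keys.find(key);
        if (k != it->second.keys.end()) { value = k->second; return Lookup::Found; }
        cur = it->second.parent;
    }
    return Lookup::NotFound;
}

// Constructed inputs: a normal three-level tree and a two-object /Parent cycle.
ObjectTable wellFormed() {
    ObjectTable t;
    t[1].keys["MediaBox"] = "[0 0 612 792]"; // root Pages node
    t[2].parent = 1;                          // intermediate Pages node
    t[3].parent = 2;                          // the page
    return t;
}
ObjectTable cyclic() {
    ObjectTable t;
    t[2].parent = 3; // 2 -> 3 -> 2, MediaBox defined nowhere
    t[3].parent = 2;
    return t;
}

int main() {
    std::string v;
    std::printf("well-formed=%d\n", (int)findInherited(wellFormed(), 3, "MediaBox", v));
    std::printf("cyclic=%d\n", (int)findInherited(cyclic(), 3, "MediaBox", v));
}
```

A parser using this pattern can reject the file on Cycle or TooDeep instead of spinning.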

CVE Information:
CVE-2017-5852

Disclosure Timeline:
Publish Date : 2017-03-01
Last Update Date : 2017-03-24
