Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 13 Feb 2018 12:01:36 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: qpdf: multiple vulnerabilities before 7.0.0

Hi,

This is a bit older, but I'll share it anyway. A while ago I tested
qpdf with libfuzzer, all those issues have been fixed in 7.0.0 (latest
is 7.1.1).

Stack overflow due to endless recursion in
QPDFTokenizer::resolveLiteral()
https://github.com/qpdf/qpdf/issues/51

Another stack overflow / endless recursion in
QPDFWriter::enqueueObject()
https://github.com/qpdf/qpdf/issues/143

Stack out of bounds read in iterate_rc4()
https://github.com/qpdf/qpdf/issues/147

heap out of bounds read (large) in Pl_Buffer::write
https://github.com/qpdf/qpdf/issues/150


Hang due to a pdf xref loop:
https://github.com/qpdf/qpdf/issues/149
Background:
https://blog.fuzzing-project.org/59-Six-year-old-PDF-loop-bug-affects-most-major-implementations.html


A quick check with the latst 7.1.1 with libfuzzer and asan revealed no
further bugs.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ