投稿
https://cxsecurity.com/issue/WLB-2019100013
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201910-030
Xpdf 安全漏洞
| 漏洞ID | 1765220 | 漏洞类型 | 代码问题 |
| 发布时间 | 2019-10-03 | 更新时间 | 2019-12-12 |
 CVE编号
|
CVE-2019-17064 |  CNNVD-ID
|
CNNVD-201910-030 |
| 漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
Xpdf是Foo实验室的一款开源的PDF阅读器。该产品支持解码LZW压缩格式的文件以及阅读加密的PDF文件。
Xpdf 4.02版本中的Catalog.cc存在代码问题漏洞。攻击者可利用该漏洞造成应用程序崩溃。
|漏洞EXP
Exploit Title: NULL pointer dereference
# Exploit Author: Dhiraj Mishra
# Vendor Homepage: https://www.xpdfreader.com/
# Software Link: https://www.xpdfreader.com/download.html
# CVE: CVE-2019-17064
# References:
# https://nvd.nist.gov/vuln/detail/CVE-2019-17064
# https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890
*Summary:*
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because
Catalog.pageLabels is initialized too late in the Catalog constructor.
*BT:*
#0 0x00005555556d1dce in Catalog::~Catalog (this=<optimized out>,
__in_chrg=<optimized out>)
at /home/input0/Desktop/xpdf-4.02/xpdf/Catalog.cc:295
#1 0x0000555555a1b1d1 in PDFDoc::setup2 (repairXRef=0, userPassword=0x0,
ownerPassword=0x0, this=0x607000000090)
at /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:312
#2 PDFDoc::setup (this=0x607000000090, ownerPassword=0x0,
userPassword=0x0) at /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:261
#3 0x0000555555a1bb84 in PDFDoc::PDFDoc (this=0x607000000090,
fileNameA=<optimized out>, ownerPassword=<optimized out>,
userPassword=<optimized out>, coreA=<optimized out>) at
/home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:208
#4 0x0000555555674ffb in main (argc=<optimized out>, argv=<optimized out>)
at /home/input0/Desktop/xpdf-4.02/xpdf/pdfdetach.cc:119
*ASAN:*
==28603==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
(pc 0x55d7a4eaadce bp 0x6070000000dc sp 0x7ffc6078b640 T0)
==28603==The signal is caused by a READ memory access.
==28603==Hint: address points to the zero page.
#0 0x55d7a4eaadcd in Catalog::~Catalog()
/home/input0/Desktop/xpdf-4.02/xpdf/Catalog.cc:295
#1 0x55d7a51f41d0 in PDFDoc::setup2(GString*, GString*, int)
/home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:312
#2 0x55d7a51f41d0 in PDFDoc::setup(GString*, GString*)
/home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:261
#3 0x55d7a51f4b83 in PDFDoc::PDFDoc(char*, GString*, GString*,
PDFCore*) /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:208
#4 0x55d7a4e4dffa in main
/home/input0/Desktop/xpdf-4.02/xpdf/pdfdetach.cc:119
#5 0x7fd635ac1b96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#6 0x55d7a4e50579 in _start
(/home/input0/Desktop/xpdf-4.02/build/xpdf/pdfdetach+0x123579)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/home/input0/Desktop/xpdf-4.02/xpdf/Catalog.cc:295 in Catalog::~Catalog()
==28603==ABORTING
* To reproduce: *
pdfdetach -list $POC
|参考资料
来源:forum.xpdfreader.com
链接:https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-17064
检索漏洞
开始时间
结束时间