CVE/EDB ID

CVE-2017-7381

Experiment Environment

Ubuntu 14.04 LTS

INSTALL & Configuration

```shell
# download PoDoFo from sourceforge (the AddressSanitizer trace below was produced with 0.9.5)
tar xvf podofo.tar.gz
cd podofo
mkdir build
cd build          # the cmake line below uses ".." as the source directory, so run it from build/
cmake -G "Unix Makefiles" -DCMAKE_INSTALL_PREFIX="`pwd`/../podofo" -DCMAKE_BUILD_TYPE=Debug ..
make
make install
```

Problems in Installation & Configuration

```
CMake Error at /usr/share/cmake-2.8/Modules/FindPackageHandleStandardArgs.cmake:108 (message):
Could NOT find FREETYPE (missing: FREETYPE_LIBRARY FREETYPE_INCLUDE_DIR)
```

```shell
sudo apt-get install libfreetype6-dev
```

```
Could not find fontconfig
```

```shell
sudo apt-get install libfontconfig1-dev
```

```
CMake Error at CMakeLists.txt:36 (CMAKE_POLICY): Policy "CMP0033" is not known to this version of CMake.
```

Solution 1: use a newer version of CMake that knows policy CMP0033.

Solution 2: delete the CMAKE_POLICY line for CMP0033 at CMakeLists.txt:36.

How to trigger vulnerability

```shell
podofotxtextract $FILE
```

Run the tool on each PoC file. The report below comes from a build instrumented with AddressSanitizer; a plain Debug build crashes on the same read with an ordinary segmentation fault instead of the ASan output.

PoCs

The PoC files are inside this folder.

Vulnerability Details & Patch

Root Cause

The AddressSanitizer report below shows a READ from address 0x0 ("address points to the zero page"), i.e. a NULL pointer dereference, inside PoDoFo::PdfPage::GetFromResources (src/doc/PdfPage.cpp:609 in PoDoFo 0.9.5). It is reached from TextExtractor::ExtractText (tools/podofotxtextract/TextExtractor.cpp:98) while podofotxtextract resolves a page resource for a crafted PDF, so the crash is a denial of service in the text-extraction tool.

Stack Trace

```
==23885==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f44177e97b7 bp 0x7ffe130bed10 sp 0x7ffe130beca0 T0)
==23885==The signal is caused by a READ memory access.
==23885==Hint: address points to the zero page.
    #0 0x7f44177e97b6 in PoDoFo::PdfPage::GetFromResources(PoDoFo::PdfName const&, PoDoFo::PdfName const&) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/src/doc/PdfPage.cpp:609:23
    #1 0x51dda3 in TextExtractor::ExtractText(PoDoFo::PdfMemDocument*, PoDoFo::PdfPage*) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/tools/podofotxtextract/TextExtractor.cpp:98:47
    #2 0x51d021 in TextExtractor::Init(char const*) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/tools/podofotxtextract/TextExtractor.cpp:48:15
    #3 0x539f6d in main /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/tools/podofotxtextract/podofotxtextract.cpp:52:17
    #4 0x7f441585f6ff in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289
    #5 0x420d48 in _start (/usr/bin/podofotxtextract+0x420d48)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/src/doc/PdfPage.cpp:609:23 in PoDoFo::PdfPage::GetFromResources(PoDoFo::PdfName const&, PoDoFo::PdfName const&)
```
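The following is an added example, not PoDoFo's code and not part of this PoC repository. It is a reduced C++ model of the lookup the trace reports crashing: a page resource lookup that reads through a pointer to the page's /Resources dictionary, reached from the text extractor when it resolves a font. Only what the trace states is taken from the page (a NULL read inside GetFromResources, called from ExtractText); the Dictionary and Page types, the `resources` field, the function names and the two constructed sample pages are assumptions made for illustration. It shows the unchecked pattern beside a guarded form that treats a page without /Resources as having no resources.

```cpp
#include <iostream>
#include <map>
#include <string>

// A PDF dictionary reduced to string keys that map to nested dictionaries.
struct Dictionary {
    std::map<std::string, Dictionary*> entries;

    bool hasKey(const std::string& k) const { return entries.count(k) != 0; }

    // Returns the entry for k, or nullptr when the key is absent.
    Dictionary* getKey(const std::string& k) const {
        std::map<std::string, Dictionary*>::const_iterator it = entries.find(k);
        return it == entries.end() ? nullptr : it->second;
    }
};

// /Resources is optional on a page object. A parser that keeps it as a
// pointer holds nullptr for a page whose dictionary has no /Resources entry.
// (Assumed model; PoDoFo's real classes are PdfPage and PdfObject.)
struct Page {
    Dictionary* resources;
    explicit Page(Dictionary* r) : resources(r) {}
};

// Vulnerable pattern: the first statement dereferences page.resources without
// checking it. For a page with no /Resources that is a read through a null
// pointer, matching "SEGV on unknown address 0x000000000000" and
// "address points to the zero page" in the trace above.
Dictionary* getFromResourcesUnchecked(const Page& page,
                                      const std::string& type,
                                      const std::string& key) {
    if (page.resources->hasKey(type)) {  // crashes when resources == nullptr
        Dictionary* byType = page.resources->getKey(type);
        if (byType != nullptr && byType->hasKey(key)) {
            return byType->getKey(key);
        }
    }
    return nullptr;
}

// Hardened form: a page without /Resources has no resources of any type, so
// answer "not found" instead of dereferencing a missing dictionary.
Dictionary* getFromResources(const Page& page,
                             const std::string& type,
                             const std::string& key) {
    if (page.resources == nullptr) {
        return nullptr;
    }
    Dictionary* byType = page.resources->getKey(type);
    if (byType == nullptr) {
        return nullptr;
    }
    return byType->getKey(key);
}

// What a text extractor needs when it meets a "/F1 12 Tf" operator: resolve
// the font resource named by the operand. True when the font exists.
bool resolveFont(const Page& page, const std::string& fontName) {
    return getFromResources(page, "Font", fontName) != nullptr;
}

// Constructed sample: a well-formed page whose dictionary carries
// /Resources << /Font << /F1 << ... >> >> >>. Static storage keeps the
// pointers valid after the function returns.
Page samplePageWithResources() {
    static Dictionary f1;
    static Dictionary fonts;
    static Dictionary resources;
    fonts.entries["F1"] = &f1;
    resources.entries["Font"] = &fonts;
    return Page(&resources);
}

// Constructed sample: a page whose dictionary has no /Resources entry at all.
Page samplePageWithoutResources() {
    return Page(nullptr);
}

int main() {
    Page good = samplePageWithResources();
    Page bad = samplePageWithoutResources();

    std::cout << "F1 on page with resources:    " << resolveFont(good, "F1") << "\n";  // 1
    std::cout << "F2 on page with resources:    " << resolveFont(good, "F2") << "\n";  // 0
    std::cout << "F1 on page without resources: " << resolveFont(bad, "F1") << "\n";   // 0

    // The unchecked lookup behaves identically on the well-formed page ...
    std::cout << "unchecked lookup on good page: "
              << (getFromResourcesUnchecked(good, "Font", "F1") != nullptr) << "\n";   // 1
    // ... and would fault on `bad`, so it is deliberately not called there.
    return 0;
}
```

The guarded version is the shape of fix a reviewer would ask for: the missing-resources case is a legal PDF input, so the lookup has to return "not found" rather than rely on every caller to check the page first.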

References

https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference/