podofo: NULL pointer dereference in PdfOutputStream.cpp

Description:
podofo is a C++ library to work with the PDF file format.

A fuzz on it with the UBSAN discovered a NULL pointer access. The upstream project denies me to open a new ticket. So, I’m unable to communicate with them.

The complete UBSan output:

# podofopdfinfo $FILE
/tmp/portage/app-text/podofo-0.9.4/work/podofo-0.9.4/src/base/PdfOutputStream.cpp:116:33: runtime error: null pointer passed as argument 2, which is declared to never be null

Affected version:
0.9.4

Fixed version:
N/A

Commit fix:
N/A

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
CVE-2017-5854

Reproducer:
https://github.com/asarubbo/poc/blob/master/00143-podofo-nullptr-PdfOutputStream

Timeline:
2017-01-05: bug discovered
2017-02-01: blog post about the issue
2017-02-02: CVE assigned

Note:
This bug was found with American Fuzzy Lop.

Permalink:
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp

This entry was posted in advisories, security. Bookmark the permalink.

One Response to podofo: NULL pointer dereference in PdfOutputStream.cpp

  1. Pingback: SB17-065: Vulnerability Summary for the Week of February 27, 2017 – sec.uno

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.