Description:
podofo is a C++ library to work with the PDF file format.
Fuzzing it with UBSan discovered a signed integer overflow. The upstream project does not let me open a new ticket, so I'm unable to communicate with them.
The complete UBSan output:
# podofopdfinfo $FILE
/tmp/portage/app-text/podofo-0.9.4/work/podofo-0.9.4/src/base/PdfParser.cpp:757:23: runtime error: signed integer overflow: 9223372036854775807 + 9 cannot be represented in type 'long'
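The report only gives the failing operands (LONG_MAX + 9 in type 'long'), so here is an added illustration, not code from podofo, of how a parser can add a small constant to a value read from an untrusted file without relying on signed overflow, which is undefined behaviour in C and C++. The function names and the sample inputs are constructed for this example; the addend 9 is the one UBSan reported.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Add two longs only if the result fits; otherwise report failure so the
 * caller can reject the input instead of invoking undefined behaviour.
 * The comparisons are arranged so that they themselves cannot overflow.
 * Constructed helper, not part of podofo. */
bool checked_add_long(long a, long b, long *out)
{
    if (b > 0 && a > LONG_MAX - b) return false;
    if (b < 0 && a < LONG_MIN - b) return false;
    *out = a + b;
    return true;
}

/* True when a + b would overflow; convenient for rejecting bad offsets. */
bool overflows_add_long(long a, long b)
{
    long unused;
    return !checked_add_long(a, b, &unused);
}

/* Mirrors the failing expression from the UBSan report: a value parsed
 * from the file (here LONG_MAX, the operand UBSan printed) plus 9. */
bool offset_plus_nine(long parsed_from_file, long *result)
{
    return checked_add_long(parsed_from_file, 9, result);
}

int main(void)
{
    long r;
    long from_file = LONG_MAX; /* constructed: the operand from the report */
    if (!offset_plus_nine(from_file, &r))
        puts("rejected: offset + 9 does not fit in long");
    else
        printf("offset %ld\n", r);
    return 0;
}
```

Compiling the unchecked form with `-fsanitize=undefined` is what produced the runtime error above; the checked form returns an error to the caller instead.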
Affected version:
0.9.4
Fixed version:
N/A
Commit fix:
N/A
Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.
CVE:
CVE-2017-5853
Reproducer:
https://github.com/asarubbo/poc/blob/master/00144-podofo-signintoverflow-PdfParser
Timeline:
2017-01-05: bug discovered
2017-02-01: blog post about the issue
2017-02-02: CVE assigned
Note:
This bug was found with American Fuzzy Lop.
Permalink:
https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp