Poppler 0.62.0-2ubuntu2.2 Null Pointer Dereference
Posted Nov 12, 2018
Authored by Dhiraj Mishra

Poppler version 0.62.0-2ubuntu2.2 suffers from a null pointer dereference vulnerability.

tags | advisory
SHA-256 | eefc34085f4ae1117d3cf2f9e4ef43c05e5c4c134c9f2b2201329c21bec52935

## Summary

While fuzzing evince v3.28.4 on Linux 4.15.0-38-generic (Ubuntu 18.04
LTS), a null-pointer dereference was observed. It was initially reported
to evince, but the evince team advised that the issue is in poppler, the
library evince uses to render PDF. Poppler version 0.62.0-2ubuntu2.2 is
vulnerable to the null-pointer dereference. The issue is already fixed
in poppler 0.70, but it will still crash evince v3.28.4 if poppler is not
updated to v0.70. A fuzzing result showing a very important vulnerability
in a package currently shipped by a major Linux distribution is still of
interest, even if that Linux distribution does not package the latest
released upstream version.


## Debug

```
(gdb) run NullPointerDeference.h_134
Starting program: /usr/bin/evince NullPointerDeference.h_134
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fd84d3cf700 (LWP 17587)]
[New Thread 0x7fd84cbce700 (LWP 17588)]
[New Thread 0x7fd84718c700 (LWP 17589)]
[New Thread 0x7fd84651c700 (LWP 17594)]
[New Thread 0x7fd845b0e700 (LWP 17596)]
[New Thread 0x7fd83223e700 (LWP 17597)]

Thread 7 "EvJobScheduler" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fd83223e700 (LWP 17597)]
0x00007fd8315f629a in _poppler_attachment_new(FileSpec*) () from /usr/lib/x86_64-linux-gnu/libpoppler-glib.so.8
(gdb) bt
#0 0x00007fd8315f629a in _poppler_attachment_new(FileSpec*) () at /usr/lib/x86_64-linux-gnu/libpoppler-glib.so.8
#1 0x00007fd8315fa14a in poppler_annot_file_attachment_get_attachment () at /usr/lib/x86_64-linux-gnu/libpoppler-glib.so.8
#2 0x00007fd83183673d in () at /usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so
#3 0x00007fd8592c3bfa in () at /usr/lib/x86_64-linux-gnu/libevview3.so.3
#4 0x00007fd8592c5c02 in () at /usr/lib/x86_64-linux-gnu/libevview3.so.3
#5 0x00007fd856bbee85 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#6 0x00007fd8565956db in start_thread (arg=0x7fd83223e700) at pthread_create.c:463
#7 0x00007fd8562be88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) i r
rax 0x0 0
rbx 0x0 0
rcx 0x0 0
rdx 0x0 0
rsi 0x7fd82c0587c0 140566428223424
rdi 0x55720784c640 93948240774720
rbp 0x7fd834004a90 0x7fd834004a90
rsp 0x7fd83223d9e0 0x7fd83223d9e0
r8 0xffffffffffffffb0 -80
r9 0x10 16
r10 0x7fd82c0008d0 140566427863248
r11 0x1 1
r12 0x7fd82c0587c0 140566428223424
r13 0x7fd834004a80 140566562097792
r14 0x5572072f5a60 93948235176544
r15 0x0 0
rip 0x7fd8315f629a 0x7fd8315f629a <_poppler_attachment_new(FileSpec*)+122>
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) info reg ebp rip
ebp 0x34004a90 872434320
rip 0x7fd8315f629a 0x7fd8315f629a <_poppler_attachment_new(FileSpec*)+122>
(gdb)
```


Thank you
--
Regards

*Dhiraj Mishra.*
GPG ID : 51720F56 | Finger Print : 1F6A FC7B 05AA CF29 8C1C ED65 3233 4D18 5172 0F56
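
A triage sketch for the backtrace in the Debug section, added here as an example and not part of the original advisory: it attributes the crash to the module of frame #0 (the reason the report moved from evince to poppler) and derives an address-independent bucket key for deduplicating fuzzer crashes. The `triage` function, its result fields and the zero-register hint are assumptions of this example.

```python
import hashlib
import re

# Excerpt of the gdb session above (frames 0-2, four registers), kept hard-wrapped as posted.
SAMPLE = """\
Thread 7 "EvJobScheduler" received signal SIGSEGV, Segmentation fault.
#0 0x00007fd8315f629a in _poppler_attachment_new(FileSpec*) () at
/usr/lib/x86_64-linux-gnu/libpoppler-glib.so.8
#1 0x00007fd8315fa14a in poppler_annot_file_attachment_get_attachment ()
at /usr/lib/x86_64-linux-gnu/libpoppler-glib.so.8
#2 0x00007fd83183673d in () at
/usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so
rax 0x0 0
rbx 0x0 0
rsi 0x7fd82c0587c0 140566428223424
rip 0x7fd8315f629a 0x7fd8315f629a
"""

# \s+ also matches newlines, so frames wrapped across two lines still parse.
FRAME = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in\s+(.*?)\s+(?:at|from)\s+(\S+)", re.M | re.S)
REG = re.compile(r"^(r[a-z0-9]{1,2})\s+0x([0-9a-f]+)\b", re.M)


def triage(log, depth=3):
    """Summarise a gdb crash log: signal, owning module, null hints, bucket key."""
    sig = re.search(r"received signal (SIG[A-Z]+)", log)
    frames = []
    for num, func, path in FRAME.findall(log):
        # Drop the trailing argument list; a bare "()" means gdb had no symbol.
        name = re.sub(r"\s*\([^()]*\)$", "", func) or "??"
        frames.append((int(num), name, path.rsplit("/", 1)[-1]))
    frames.sort()
    regs = {r: int(v, 16) for r, v in REG.findall(log)}
    # Zeroed registers are a hint, not proof, of a near-null access.
    zero = sorted(r for r, v in regs.items() if v == 0 and r != "rip")
    # The key uses module and function names only, so ASLR does not split buckets.
    key = "|".join(f"{mod}!{fn}" for _, fn, mod in frames[:depth])
    return {
        "signal": sig.group(1) if sig else None,
        "faulting_module": frames[0][2] if frames else None,
        "faulting_function": frames[0][1] if frames else None,
        "zero_registers": zero,
        "bucket": hashlib.sha256(key.encode()).hexdigest()[:16],
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Confirming the null dereference itself still requires the faulting instruction (for example `x/i $rip` in gdb), which the posted session does not include.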