exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Xpdf 4.02 NULL Pointer Dereference

Xpdf 4.02 NULL Pointer Dereference
Posted Oct 2, 2019
Authored by Dhiraj Mishra

Xpdf version 4.02 suffers from a null pointer dereference vulnerability.

tags | advisory
advisories | CVE-2019-17064
SHA-256 | 714323324124447a3720e4acecefa4a5621bc11ef45ca9e104d7bc6b946bbddd

Xpdf 4.02 NULL Pointer Dereference

Change Mirror Download
Exploit Title: NULL pointer dereference
# Exploit Author: Dhiraj Mishra
# Vendor Homepage: https://www.xpdfreader.com/
# Software Link: https://www.xpdfreader.com/download.html
# CVE: CVE-2019-17064
# References:
# https://nvd.nist.gov/vuln/detail/CVE-2019-17064
# https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890

*Summary:*
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because
Catalog.pageLabels is initialized too late in the Catalog constructor.

*BT:*
#0 0x00005555556d1dce in Catalog::~Catalog (this=<optimized out>,
__in_chrg=<optimized out>)
at /home/input0/Desktop/xpdf-4.02/xpdf/Catalog.cc:295
#1 0x0000555555a1b1d1 in PDFDoc::setup2 (repairXRef=0, userPassword=0x0,
ownerPassword=0x0, this=0x607000000090)
at /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:312
#2 PDFDoc::setup (this=0x607000000090, ownerPassword=0x0,
userPassword=0x0) at /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:261
#3 0x0000555555a1bb84 in PDFDoc::PDFDoc (this=0x607000000090,
fileNameA=<optimized out>, ownerPassword=<optimized out>,
userPassword=<optimized out>, coreA=<optimized out>) at
/home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:208
#4 0x0000555555674ffb in main (argc=<optimized out>, argv=<optimized out>)
at /home/input0/Desktop/xpdf-4.02/xpdf/pdfdetach.cc:119

*ASAN:*
==28603==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
(pc 0x55d7a4eaadce bp 0x6070000000dc sp 0x7ffc6078b640 T0)
==28603==The signal is caused by a READ memory access.
==28603==Hint: address points to the zero page.
#0 0x55d7a4eaadcd in Catalog::~Catalog()
/home/input0/Desktop/xpdf-4.02/xpdf/Catalog.cc:295
#1 0x55d7a51f41d0 in PDFDoc::setup2(GString*, GString*, int)
/home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:312
#2 0x55d7a51f41d0 in PDFDoc::setup(GString*, GString*)
/home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:261
#3 0x55d7a51f4b83 in PDFDoc::PDFDoc(char*, GString*, GString*,
PDFCore*) /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:208
#4 0x55d7a4e4dffa in main
/home/input0/Desktop/xpdf-4.02/xpdf/pdfdetach.cc:119
#5 0x7fd635ac1b96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#6 0x55d7a4e50579 in _start
(/home/input0/Desktop/xpdf-4.02/build/xpdf/pdfdetach+0x123579)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/home/input0/Desktop/xpdf-4.02/xpdf/Catalog.cc:295 in Catalog::~Catalog()
==28603==ABORTING

* To reproduce: *
pdfdetach -list $POC
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close