Xpdf 4.02 NULL Pointer Dereference

Xpdf 4.02 NULL Pointer Dereference: Posted Oct 2, 2019; Authored by Dhiraj Mishra; Xpdf version 4.02 suffers from a null pointer dereference vulnerability.; tags | advisory; advisories | CVE-2019-17064; SHA-256 | 714323324124447a3720e4acecefa4a5621bc11ef45ca9e104d7bc6b946bbddd; Download | Favorite | View

Xpdf 4.02 NULL Pointer Dereference

Exploit Title: NULL pointer dereference
# Exploit Author: Dhiraj Mishra
# Vendor Homepage: https://www.xpdfreader.com/
# Software Link: https://www.xpdfreader.com/download.html
# CVE: CVE-2019-17064
# References:
# https://nvd.nist.gov/vuln/detail/CVE-2019-17064
# https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890

*Summary:*
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because
Catalog.pageLabels is initialized too late in the Catalog constructor.

*BT:*
#0  0x00005555556d1dce in Catalog::~Catalog (this=<optimized out>,
__in_chrg=<optimized out>)
    at /home/input0/Desktop/xpdf-4.02/xpdf/Catalog.cc:295
#1  0x0000555555a1b1d1 in PDFDoc::setup2 (repairXRef=0, userPassword=0x0,
ownerPassword=0x0, this=0x607000000090)
    at /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:312
#2  PDFDoc::setup (this=0x607000000090, ownerPassword=0x0,
userPassword=0x0) at /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:261
#3  0x0000555555a1bb84 in PDFDoc::PDFDoc (this=0x607000000090,
fileNameA=<optimized out>, ownerPassword=<optimized out>,
    userPassword=<optimized out>, coreA=<optimized out>) at
/home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:208
#4  0x0000555555674ffb in main (argc=<optimized out>, argv=<optimized out>)
at /home/input0/Desktop/xpdf-4.02/xpdf/pdfdetach.cc:119

*ASAN:*
==28603==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
(pc 0x55d7a4eaadce bp 0x6070000000dc sp 0x7ffc6078b640 T0)
==28603==The signal is caused by a READ memory access.
==28603==Hint: address points to the zero page.
    #0 0x55d7a4eaadcd in Catalog::~Catalog()
/home/input0/Desktop/xpdf-4.02/xpdf/Catalog.cc:295
    #1 0x55d7a51f41d0 in PDFDoc::setup2(GString*, GString*, int)
/home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:312
    #2 0x55d7a51f41d0 in PDFDoc::setup(GString*, GString*)
/home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:261
    #3 0x55d7a51f4b83 in PDFDoc::PDFDoc(char*, GString*, GString*,
PDFCore*) /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:208
    #4 0x55d7a4e4dffa in main
/home/input0/Desktop/xpdf-4.02/xpdf/pdfdetach.cc:119
    #5 0x7fd635ac1b96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #6 0x55d7a4e50579 in _start
(/home/input0/Desktop/xpdf-4.02/build/xpdf/pdfdetach+0x123579)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/home/input0/Desktop/xpdf-4.02/xpdf/Catalog.cc:295 in Catalog::~Catalog()
==28603==ABORTING

* To reproduce: *
 pdfdetach -list $POC

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Xpdf 4.02 NULL Pointer Dereference

Xpdf 4.02 NULL Pointer Dereference

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Xpdf 4.02 NULL Pointer Dereference

Share This

Xpdf 4.02 NULL Pointer Dereference

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems