Mageia Bugzilla – Attachment 10684 Details for
Bug 21511
podofo new security issues CVE-2015-8981, CVE-2017-585[2-5], CVE-2017-5886, CVE-2017-684[0-9], CVE-2017-737[89], CVE-2017-738[0-3], CVE-2017-8787
Summary of POC tests before update
report-before.21511 (text/plain), 4.75 KB, created by Len Lawrence on 2019-01-21 21:30:06 CET
The PoC files are meant to be tested in the UBSAN framework, which would involve compiling the sources, so we shall skip that and see if the current software gives any useful information.

*Before updates*

------------------------------------------------------------------------------
CVE-2018-5295
https://bugzilla.redhat.com/show_bug.cgi?id=1531897
$ podofoimgextract $POC OUTPUT_DIR

$ podofoimgextract podofo_0-9-5-rc1_podofoimgextract_integer-overflow_PdfXRefStreamParserObject-ParseStream.pdf ~/qa/
Error: An error 13 ocurred during processing the pdf file.
PoDoFo encountered an error. Error: 13 ePdfError_NoXRef
 Error Description: No XRef table was found in the PDF file.

------------------------------------------------------------------------------
CVE-2018-5296
https://bugzilla.redhat.com/show_bug.cgi?id=1531956
$ podofoimgextract podofo_0-9-5_podofoimgextract_uncontrolled-memory-allocation_PdfParser-ReadXRefSubsection.pdf .
WARNING: There are more objects (9560000000000) in this XRef table than specified in the size key of the trailer directory (95)!
Error: An error 6 ocurred during processing the pdf file.
PoDoFo encountered an error. Error: 6 ePdfError_OutOfMemory
 Error Description: PoDoFo is out of memory.

------------------------------------------------------------------------------
CVE-2018-5308
https://bugzilla.redhat.com/show_bug.cgi?id=1532390
$ podofoimgextract podofo_0-9-5_podofoimgextract_undefined-behavior_PdfMemoryOutputStream-Write.pdf .
Error: An error 5 ocurred during processing the pdf file.
PoDoFo encountered an error. Error: 5 ePdfError_UnexpectedEOF
 Error Description: End of file was reached unxexpectedly.

------------------------------------------------------------------------------
CVE-2018-5309
https://bugzilla.redhat.com/show_bug.cgi?id=1532381
$ podofoimgextract podofo_0-9-5_podofoimgextract_integer-overflow_PdfObjectStreamParserObject-ReadObjectsFromStream.pdf .
Error: An error 5 ocurred during processing the pdf file.
PoDoFo encountered an error. Error: 5 ePdfError_UnexpectedEOF
 Error Description: End of file was reached unxexpectedly.

------------------------------------------------------------------------------
CVE-2018-5783
https://bugzilla.redhat.com/show_bug.cgi?id=1536179
$ podofoimgextract podofo_0-9-5_podofoimgextract_uncontrolled-memory-allocation_PoDoFo-PdfVecObjects-Reserve.pdf .
terminate called after throwing an instance of 'std::length_error'
 what(): vector::reserve
Aborted (core dumped)

------------------------------------------------------------------------------
CVE-2018-8001
https://bugzilla.redhat.com/show_bug.cgi?id=1549469
$ podofogc $POC a.pdf
$ podofogc podofo-heap-buffer-overread-PdfName-UnescapeName.pdf a.pdf
Parsing podofo-heap-buffer-overread-PdfName-UnescapeName.pdf ... (this might take a while)
PoDoFo encountered an error. Error: 20 ePdfError_InvalidDataType

------------------------------------------------------------------------------
CVE-2018-11254
https://bugzilla.redhat.com/show_bug.cgi?id=1576174
$ podofomerge crash.pdf crash.pdf out.pdf
[...]
Reference to invalid object: 1 0 R
CRITICAL: Segmentation fault (core dumped)

------------------------------------------------------------------------------
CVE-2018-11255
https://bugzilla.redhat.com/show_bug.cgi?id=1575502
$ podofopdfinfo crash1.pdf
[...]
 Page Count: 3
Error: An error 11 ocurred during uncompressing the pdf file.
PoDoFo encountered an error. Error: 11 ePdfError_PageNotFound

The upstream test under gdb produced more output and eventually segfaulted so this result may indicate a prior repair in which case the output should be very similar after updating.

------------------------------------------------------------------------------
CVE-2018-11256
https://bugzilla.redhat.com/show_bug.cgi?id=1575851
$ podofomerge crash1.pdf crash1.pdf out.pdf
[...]
CRITICAL: Cannot find page 1 or page 1 has no parents. Cannot insert new page.Segmentation fault (core dumped)

------------------------------------------------------------------------------
CVE-2018-12982
https://bugzilla.redhat.com/show_bug.cgi?id=1595689
$ podofocolor dummy poc1 foo
WARNING: There are more objects (71) in this XRef table than specified in the size key of the trailer directory (37)!
Segmentation fault (core dumped)

------------------------------------------------------------------------------
CVE-2018-14320
No PoC found.

------------------------------------------------------------------------------
CVE-2018-19532
https://research.loginsoft.com/vulnerability/null-pointer-dereference-vulnerability-in-pdftranslatorsettarget-podofo-0-9-6/
A PoC is mentioned, run thus:
$ podofoimpose $POC outfile.pdf native
but no actual crafted file.

------------------------------------------------------------------------------
Shall run a couple of utility tests on PDF files before updating.
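Added example, not part of the attached report: one way to record how each PoC run ended so that the results before and after the update can be compared mechanically rather than by reading the output. The function names, the results file and the stand-in commands are assumptions made for illustration; the signal numbers are the Linux ones, and a tool that prints an error is assumed to exit non-zero.

```shell
#!/bin/sh
# classify_run CMD [ARGS...] : run the command with its output discarded and
# print one word describing how it ended, based on the shell's exit status.
#   ok        status 0
#   error     status 1-125: the program exited on its own with a failure code
#   notrun    status 126-128: not executable, not found, or invalid exit
#   abort     status 134 (128+6, SIGABRT), e.g. an uncaught C++ exception
#   segfault  status 139 (128+11, SIGSEGV)
#   signal:N  any other status above 128, read as death by signal N
classify_run() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    if [ "$status" -eq 0 ]; then echo ok
    elif [ "$status" -lt 126 ]; then echo error
    elif [ "$status" -le 128 ]; then echo notrun
    else
        case $((status - 128)) in
            6)  echo abort ;;
            11) echo segfault ;;
            *)  echo "signal:$((status - 128))" ;;
        esac
    fi
}

# record LABEL CMD [ARGS...] : append "LABEL RESULT" to the file named by $RESULTS.
record() {
    label=$1; shift
    printf '%s %s\n' "$label" "$(classify_run "$@")" >> "$RESULTS"
}

# still_crashing FILE : list the labels whose run ended on a signal.
still_crashing() {
    awk '$2 == "abort" || $2 == "segfault" || $2 ~ /^signal:/ { print $1 }' "$1"
}

# Constructed stand-ins for tool runs (no PoDoFo needed):
# one handled error and one process killed by SIGSEGV.
RESULTS=$(mktemp)
record handled-error sh -c 'exit 5'
record crash sh -c 'kill -s SEGV $$'
still_crashing "$RESULTS"    # prints: crash
rm -f "$RESULTS"
```

Running the same `record` lines into one results file before the update and another after it lets `still_crashing` show which cases still end on a signal.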