b***@artifex.com
2017-10-23 12:45:28 UTC
http://bugs.ghostscript.com/show_bug.cgi?id=698689
Bug ID: 698689
Summary: Segmentation fault when handling crafted PDF file
Product: MuPDF
Version: master
Hardware: PC
OS: Windows NT
Status: UNCONFIRMED
Severity: normal
Priority: P4
Component: mupdf
Assignee: mupdf-***@artifex.com
Reporter: ***@gmail.com
QA Contact: gs-***@ghostscript.com
Word Size: ---
Created attachment 14408
--> http://bugs.ghostscript.com/attachment.cgi?id=14408&action=edit
POC file of the vulnerability
A segmentation fault issue was found in mutool when handling crafted PDF files,
which may lead to a potential attack.
The issue can be reproduced as follows:
***@ubuntu:~/source/mupdf/build/release$ ./mutool -v
mutool version 1.11
***@ubuntu:~/source/mupdf/build/release$ gdb -q ./mutool
Reading symbols from ./mutool...(no debugging symbols found)...done.
(gdb) r clean -gggg -l -a -d -z -f -i /home/ctf/fuzz/mupdf/TSL20070108-02.pdf.min
Starting program: /home/ctf/source/mupdf/build/release/mutool clean -gggg -l -a -d -z -f -i /home/ctf/fuzz/mupdf/mutool-sigsegv-poc-1.pdf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
error: cannot recognize version marker
warning: trying to repair broken xref
warning: repairing PDF document
warning: expected 'endobj' or 'stream' keyword (3 0 R)
warning: expected 'endobj' or 'stream' keyword (7 0 R)
Program received signal SIGSEGV, Segmentation fault.
0x084f31f7 in ?? ()
(gdb) bt
#0 0x084f31f7 in ?? ()
#1 0x0850e894 in ?? ()
#2 0x08518e9e in ?? ()
#3 0x08419f62 in ?? ()
#4 0x080cff4c in ?? ()
#5 0x0806b8db in ?? ()
#6 0xb780e276 in __libc_start_main (main=0x806a970, argc=10, argv=0xbffff634, init=0x8fb62d0, fini=0x8fb6330, rtld_fini=0xb7fea920 <_dl_fini>, stack_end=0xbffff62c) at ../csu/libc-start.c:291
#7 0x080747b1 in ?? ()
(gdb)
The POC file has been attached.
--
You are receiving this mail because:
You are the QA Contact for the bug.