| Bug ID | 1023069 |
|---|---|
| Summary | VUL-1: podofo: signed integer overflow in PdfParser.cpp |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.2 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Ref: http://seclists.org/oss-sec/2017/q1/264 =============================================== Description: podofo is a C++ library to work with the PDF file format. A fuzz on it with the UBSAN discovered a signed integer overflow. The upstream project denies me to open a new ticket. So, I���m unable to communicate with them. The complete UBSan output: # podofopdfinfo $FILE /tmp/portage/app- text/podofo-0.9.4/work/podofo-0.9.4/src/base/PdfParser.cpp:757:23: runtime error: signed integer overflow: 9223372036854775807 + 9 cannot be represented in type 'long' Affected version: 0.9.4 Fixed version: N/A Commit fix: N/A Credit: This bug was discovered by Agostino Sarubbo of Gentoo. CVE: N/A Reproducer: https://github.com/asarubbo/poc/blob/master/00144-podofo-signintoverflow-PdfParser Timeline: 2017-01-05: bug discovered 2017-02-01: blog post about the issue Note: This bug was found with American Fuzzy Lop. Permalink: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp -- Agostino Sarubbo Gentoo Linux Developer =============================================== https://software.opensuse.org/package/podofo TW: 0.9.4 42.(1|2): 0.9.3