Bug 1094315 (CVE-2018-11254) - VUL-1: CVE-2018-11254: podofo: Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp
Status: RESOLVED FIXED
Alias: CVE-2018-11254
Product: openSUSE Distribution
Classification: openSUSE
Component: Other
Version: Leap 15.0
Hardware: Other Other
Priority: P4 - Low, Severity: Minor
Target Milestone: ---
Assignee: Antonio Larrosa
QA Contact: E-mail List
URL: https://smash.suse.de/issue/206257/
Whiteboard: CVSSv3:SUSE:CVE-2018-11254:3.3:(AV:L/...
Reported: 2018-05-23 08:07 UTC by Karol Babioch
Modified: 2019-10-31 08:21 UTC

Found By: Security Response Team


Attachments
Reproducer (2.29 KB, application/pdf)
2018-05-23 08:07 UTC, Karol Babioch

Description Karol Babioch 2018-05-23 08:07:31 UTC
Created attachment 771078
Reproducer

An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.

Product bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1576174

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1581281
Comment 1 Karol Babioch 2018-05-23 08:37:01 UTC
kbabioch@sle12sp3:~> gdb podofomerge
GNU gdb (GDB; SUSE Linux Enterprise 12) 8.0.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.opensuse.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from podofomerge...(no debugging symbols found)...done.
Missing separate debuginfos, use: zypper install podofo-debuginfo-0.9.2-1.58.x86_64
(gdb) r crash.pdf crash.pdf out.pdf
Starting program: /usr/bin/podofomerge crash.pdf crash.pdf out.pdf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Reading file: crash.pdf
WARNING: Count of readobject is 17. Expected 28.
Error 12 occurred!


PoDoFo encounter an error. Error: 12 ePdfError_NoXRef
	Error Description: No XRef table was found in the PDF file.
	Callstack:
	#0 Error Source: /home/abuild/rpmbuild/BUILD/podofo-0.9.2/src/base/PdfParser.cpp:213
		Information: Unable to load objects from file.
	#1 Error Source: /home/abuild/rpmbuild/BUILD/podofo-0.9.2/src/base/PdfParser.cpp:319
		Information: Unable to load xref entries.
	#2 Error Source: /home/abuild/rpmbuild/BUILD/podofo-0.9.2/src/base/PdfParser.cpp:684
	#3 Error Source: /home/abuild/rpmbuild/BUILD/podofo-0.9.2/src/base/PdfParser.cpp:771


[Inferior 1 (process 13941) exited with code 014]
Comment 2 Marcus Meissner 2018-06-11 08:29:53 UTC
Leap 42 and SLE12 are not affected.

Leap 15.0 and Tumbleweed are affected.
Comment 3 Marcus Meissner 2019-10-31 08:21:26 UTC
Was fixed with the 0.9.6 update.