POC for Xpdf 4.04 Infinite Stack Recursion

This Repo contains crafted pdfs which trigger multiple vulnerabilities in Xpdf v4.04 which causes an infinite stack recursion. Any attacker could use this vulnerability to cause a DoS attack if the binary was running as a service. This is similar to CVE-2019-13288

POC

Run any of the crashing files labelled crash0 to crash16 with the pdftotext binary.

pdftotext ./crash0
pdftotext ./crash1
...
pdftotext ./crash16

Vulnerability Discovery

This vulnerability was discoverd with the help of AFL++

Root Cause

This vulnerability is due to an infinite stack recursion in the multiple functions like Catalog::countPageTree(Object *pagesObj) , XRefCacheEntry::XRefCacheEntry, Stream::Stream, Object::Object

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
.gdb_history		.gdb_history
README.md		README.md
crash.zip		crash.zip
crash0		crash0
crash1		crash1
crash10		crash10
crash11		crash11
crash12		crash12
crash13		crash13
crash14		crash14
crash15		crash15
crash16		crash16
crash2		crash2
crash3		crash3
crash4		crash4
crash5		crash5
crash6		crash6
crash7		crash7
crash8		crash8
crash9		crash9

EsharkyTheGreat/Xpdf-4.04-InfiniteStackRecursion

Folders and files

Latest commit

History

Repository files navigation

POC for Xpdf 4.04 Infinite Stack Recursion

POC

Vulnerability Discovery

Root Cause

About

Resources

Stars

Watchers

Forks