Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
00251-podofo-nullptr2
README.md

README.md

CVE/EDB ID

CVE-2017-7381

Experiment Environment

Ubuntu 14.04 LTS

INSTALL & Configuration

download PoDoFo from sourceforge
tar xvf podofo.tar.gz
cd podofo 
mkdir build
cmake -G "Unix Makefiles" -DCMAKE_INSTALL_PREFIX="`pwd`/../podofo" -DCMAKE_BUILD_TYPE=Debug ..
make
make install

Problems in Installation & Configuration

CMake Error at /usr/share/cmake-2.8/Modules/FindPackageHandleStandardArgs.cmake:108 (message):
Could NOT find FREETYPE (missing: FREETYPE_LIBRARY FREETYPE_INCLUDE_DIR)

sudo apt-get install libfreetype6-dev

Could not find fontconfig

sudo apt-get install libfontconfig1-dev

CMake Error at CMakeLists.txt:36 (CMAKE_POLICY): Policy "CMP0033" is not known to this version of CMake.

solution 1: use higher version cmake solution 2: delete CMakeLists.txt:36

How to trigger vulnerability

podofotxtextract $FILE

PoCs

Inside the folder

Vulnerability Details & Patch

Root Cause

Stack Trace

==23885==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f44177e97b7 bp 0x7ffe130bed10 sp 0x7ffe130beca0 T0)
==23885==The signal is caused by a READ memory access.
==23885==Hint: address points to the zero page.
    #0 0x7f44177e97b6 in PoDoFo::PdfPage::GetFromResources(PoDoFo::PdfName const&, PoDoFo::PdfName const&) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/src/doc/PdfPage.cpp:609:23
    #1 0x51dda3 in TextExtractor::ExtractText(PoDoFo::PdfMemDocument*, PoDoFo::PdfPage*) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/tools/podofotxtextract/TextExtractor.cpp:98:47
    #2 0x51d021 in TextExtractor::Init(char const*) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/tools/podofotxtextract/TextExtractor.cpp:48:15
    #3 0x539f6d in main /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/tools/podofotxtextract/podofotxtextract.cpp:52:17
    #4 0x7f441585f6ff in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289
    #5 0x420d48 in _start (/usr/bin/podofotxtextract+0x420d48)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/src/doc/PdfPage.cpp:609:23 in PoDoFo::PdfPage::GetFromResources(PoDoFo::PdfName const&, PoDoFo::PdfName const&)

References

https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference/

You can’t perform that action at this time.