Vigil@nce: poppler, memory corruption
July 2008 by Vigil@nce
An attacker can create a malicious PDF file in order to create a
denial of service or to execute code when it is opened by poppler.
– Gravity: 2/4
– Consequences: user access/rights, denial of service of client
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: unique source (2/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 08/07/2008
– Identifier: VIGILANCE-VUL-7933
IMPACTED PRODUCTS
Unix - plateform
DESCRIPTION
The poppler program, based on Xpdf, displays PDF documents.
The constructor of the Page class of the poppler/Page.cc file does
not initialize the pageWidgets variable. The memory area indicated
by this variable is freed in the destructor.
An attacker can therefore create a malicious PDF document in order
to place an address at the location of pageWidgets, to force a
free on an invalid memory address.
This vulnerability leads to a denial of service or to code
execution.
CHARACTERISTICS
– Identifiers: BID-30107, CVE-2008-2950, oCERT-2008-007,
VIGILANCE-VUL-7933
– Url: https://vigilance.aql.fr/tree/1/7933