CVE-2018-25306— PDFunite 0.41.0 Buffer Overflow via Malformed PDF

PDFunite 0.41.0 Buffer Overflow via Malformed PDF

PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF file to the pdfunite utility.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

PDFunite 安全漏洞

PDFunite是poppler-utils开源的一个用于合并多个PDF文件为单个文档的命令行工具。 PDFunite 0.41.0版本存在安全漏洞，该漏洞源于缓冲区溢出，可能导致本地攻击者通过处理畸形PDF文件在合并操作期间使应用程序崩溃，向pdfunite工具提供特制PDF文件以触发libpoppler中XRef::getEntry函数的分段错误。

N/A

N/A