Key Information

Vulnerability Overview

Vulnerability Type: Heap-use-after-free
Affected Component: PoDoFo PDF-Library PdfDictionary
Affected Function: PdfParser::ReadDictionary()
Source File: pdfparser.cpp
Line Number: 705
Signal: SIGABRT (6)
Memory Access: Write
Affected Memory Range: 24-byte region containing PdfName: NameData

Mechanism and Root Cause

1. Allocation Phase: PdfName object is created in PdfParser::ReadObject().
2. Premature Deallocation: During dictionary parsing, PdfParser::ReadDictionary() releases the shared PdfName object.
3. Use-after-free: PdfName::~PdfName() attempts to access the already-freed shared object.
4. Memory Corruption: Triggers a write to freed memory.

Address Sanitizer Report

Provides detailed stack trace and memory access error information.

Proof of Concept (PoC)

A maliciously crafted PDF file is provided to trigger the vulnerability.
Download Link: POC_download.pdfname_use_after_free

Reproduction Steps

1. Compile PoDoFo.
2. Execute command: .
3. The program will crash with a heap-use-after-free error.

Affected Versions

PoDoFo version 1.1.0-dev (commit 893f7c7) and the latest main branch.

Acknowledgments

Discoverer: Xudong Cao (UCAS)
Verification Team: Zhongguancun Laboratory
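The overview fields and the allocate/free/use chain above are what a triager reads off an AddressSanitizer report. The following is an added example, not part of the original advisory or of PoDoFo: a small parser that reduces such a report to those fields. The report text is constructed for illustration; only the bug type, the WRITE access, the 24-byte region, the function names and pdfparser.cpp:705 come from this page, and attaching line 705 to the access stack is an assumption.

```python
import re

# Constructed report in AddressSanitizer's layout. From the advisory: bug type,
# WRITE access, 24-byte region, the three function names, pdfparser.cpp:705.
# Addresses, access size, frame order and "(placeholder+0x..)" are made up.
SAMPLE_REPORT = """\
==1==ERROR: AddressSanitizer: heap-use-after-free on address 0x000000000010 at pc 0x1 bp 0x2 sp 0x3
WRITE of size 8 at 0x000000000010 thread T0
    #0 0x1 in PoDoFo::PdfName::~PdfName() (placeholder+0x1)
    #1 0x2 in PoDoFo::PdfParser::ReadDictionary() pdfparser.cpp:705
0x000000000010 is located 0 bytes inside of 24-byte region [0x000000000010,0x000000000028)
freed by thread T0 here:
    #0 0x3 in operator delete(void*) (placeholder+0x3)
    #1 0x4 in PoDoFo::PdfParser::ReadDictionary() (placeholder+0x4)
previously allocated by thread T0 here:
    #0 0x5 in operator new(unsigned long) (placeholder+0x5)
    #1 0x6 in PoDoFo::PdfParser::ReadObject() (placeholder+0x6)
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on address")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at ")
REGION = re.compile(r"is located \d+ bytes .*?(\d+)-byte region")
FRAME = re.compile(r"^\s+#\d+ 0x[0-9a-f]+ in (.+) (\S+)$")

def triage(report):
    """Reduce an ASan report to the fields an advisory overview records."""
    head = HEADER.search(report)
    if head is None:
        raise ValueError("no AddressSanitizer error header found")
    stacks, section, access = {"access": [], "free": [], "alloc": []}, None, None
    for line in report.splitlines():
        if m := ACCESS.match(line):
            section, access = "access", m.group(1)
        elif line.startswith("freed by "):
            section = "free"
        elif line.startswith("previously allocated by "):
            section = "alloc"
        elif section and (m := FRAME.match(line)):
            stacks[section].append((m.group(1), m.group(2)))
    def app(stack):  # first frame that is not allocator or interceptor code
        return next((f for f, _ in stack if not f.startswith(("operator ", "__interceptor_"))), None)
    region = REGION.search(report)
    return {"bug": head.group(1), "access": access,
            "region_bytes": int(region.group(1)) if region else None,
            "used_in": app(stacks["access"]), "freed_in": app(stacks["free"]),
            "allocated_in": app(stacks["alloc"]),
            "source": next((loc for _, loc in stacks["access"] if "+0x" not in loc), None)}

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Comparing `allocated_in`, `freed_in` and `used_in` across crashes is a quick way to deduplicate fuzzing findings that share the same lifetime bug.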