pdfium PDF_DecodeText堆缓冲区溢出漏洞(CVE-2019-13706)

漏洞关键信息 标题: pdfium: oob read in PDF_DecodeText 类型: 漏洞 优先级: P1 严重性: S2 状态: Fixed (Verified) 报告人: pd...@gmail.com CVE编号: 2019-13706 复现步骤: UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.133 Safari/537.36 问题描述: AddressSanitizer: heap-buffer-overflow on address 0x602000004597 SCARINESS: 12 (1-byte-read-heap-buffer-overflow) 关键调用栈: core/fpdfapi/parser/pdfium_parser_decode.cpp:495:23 core/fpdfapi/parser/cpdf_stream.cpp:178:10 core/fpdfdoc/cpdf_action.cpp:136:29 core/fpdfsdk/cpdfsdk_actionhandler.cpp:67:10 samples/pdfium_test.cc:703:21 分配调用栈: core/fxcrt/fx_memory.h:94 core/fxcrt/fx_memory.h:68:18 core/fpdfapi/parser/cpdf_stream_acc.cpp:158:7 core/fpdfapi/parser/cpdf_stream_acc.cpp:102:51

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

pdfium PDF_DecodeText堆缓冲区溢出漏洞(CVE-2019-13706)

目标达成感谢每一位支持者 — 我们达成了 100% 目标！