pdfium heap-buffer-overflow in PDF_DecodeText (CVE-2019-13706)

Vulnerability Key Information Title: pdfium: oob read in PDF_DecodeText Type: Vulnerability Priority: P1 Severity: S2 Status: Fixed (Verified) Reporter: pd...@gmail.com CVE ID: 2019-13706 Reproduction Steps: UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.133 Safari/537.36 Issue Description: AddressSanitizer: heap-buffer-overflow on address 0x602000004597 SCARINESS: 12 (1-byte-read-heap-buffer-overflow) Key Call Stack: core/fpdfapi/parser/pdfium_parser_decode.cpp:495:23 core/fpdfapi/parser/cpdf_stream.cpp:178:10 core/fpdfdoc/cpdf_action.cpp:136:29 core/fpdfsdk/cpdfsdk_actionhandler.cpp:67:10 samples/pdfium_test.cc:703:21 Allocation Call Stack: core/fxcrt/fx_memory.h:94 core/fxcrt/fx_memory.h:68:18 core/fpdfapi/parser/cpdf_stream_acc.cpp:158:7 core/fpdfapi/parser/cpdf_stream_acc.cpp:102:51

Goal Reached Thanks to every supporter — we hit 100%!

pdfium heap-buffer-overflow in PDF_DecodeText (CVE-2019-13706)