pypdf限制xref及对象流大小修复DoS漏洞

漏洞总结 漏洞概述 漏洞编号: #3733 漏洞描述: 限制xref和对象流的大小，防止因过大导致内存耗尽或拒绝服务攻击。 修复方案: 使用动态方法基于实际流大小和提供的宽度参数来限制最大允许值，确保向后兼容性。 影响范围 受影响文件: - - - 修复方案 具体修改: - 在 中，增加了对 属性的验证，确保其不为空。 - 在 中，增加了以下限制： - 限制对象流的最大允许值。 - 限制xref条目的最大允许值。 - 限制对象流中对象的最大允许值。 - 在 中，增加了相应的测试用例，验证上述限制的有效性。 POC代码 ```python tests/test_reader.py def test_read_pdf5_xref_stream_size_limit(catalog): pdf = b"%PDF-1.7\n" pdf += b"1 0 obj\n>\nendobj\n" pdf += b"2 0 0 obj\n>\nendobj\n" pdf += b"3 0 obj\n>\nstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf += b"startxref\n0\n%%EOF\n" pdf += b"endstream\n" pdf

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

pypdf限制xref及对象流大小修复DoS漏洞

同源更多文章

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

pypdf限制xref及对象流大小修复DoS漏洞

同源更多文章

目标达成感谢每一位支持者 — 我们达成了 100% 目标！