
bug fix: infinite loop caused by pdf object of a kid pointing to kid's parent

Taewoo Kim requested to merge taewookim7646/pdftk:bug-fix into master

System environment

  • Ubuntu 16.04 LTS
  • openjdk version "11.0.11" 2021-04-20
  • OpenJDK Runtime Environment (build 11.0.11+9-Ubuntu-0ubuntu2.18.04)
  • OpenJDK 64-Bit Server VM (build 11.0.11+9-Ubuntu-0ubuntu2.18.04, mixed mode)
  • Gradle 7.0.1
  • pdftk version 71fb58a8

Execution (crafted file pdftk_PoC.zipzip)

$ ./pdftk-2.02-dist/pdftk/pdftk ./CVE-2007-0103_AcrobatReader output tmpf/tmp

  • The input file is taken from the CVE-2007-0103 PoC file. I also included another file partially mutated from the PoC file.

An infinite loop occurs due to an object id pointing to itself: the kid object points to its parent's object id.

I've developed a patch code.

Please check and confirm the patch code.

Edited by Taewoo Kim
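A cycle-safe page-tree walk of the kind this report calls for, as an added example (Python, not pdftk's own code or the submitted patch). The dicts below are a constructed toy model in which /Pages and /Page objects reference each other through /Kids and /Parent; the looped tree reproduces the shape described above, a kid whose /Kids entry points back at its parent.

```python
# Constructed toy model of a PDF page tree: objects keyed by object number,
# each a dict carrying /Type, /Kids and /Parent. Not pdftk's object model.

class PageTreeLoop(Exception):
    """Raised when a /Kids reference leads back to an already-visited object."""

def collect_pages(objects, root_id):
    """Return the ids of /Page objects under root_id in document order.

    The walk is iterative (no recursion depth to exhaust) and refuses to
    visit any object id twice, so a kid pointing at its parent, or a node
    pointing at itself, raises PageTreeLoop instead of looping forever.
    """
    pages = []
    seen = set()
    stack = [root_id]
    while stack:
        oid = stack.pop()
        if oid in seen:
            raise PageTreeLoop(f"object {oid} reached twice in page tree")
        seen.add(oid)
        node = objects.get(oid)
        if node is None:
            continue  # dangling reference: skip rather than crash
        if node.get("Type") == "Page":
            pages.append(oid)
        elif node.get("Type") == "Pages":
            # push kids in reverse so they pop in /Kids order
            stack.extend(reversed(node.get("Kids", [])))
    return pages

def has_page_tree_loop(objects, root_id):
    """True if walking the tree from root_id would revisit an object."""
    try:
        collect_pages(objects, root_id)
    except PageTreeLoop:
        return True
    return False

# Constructed samples: a well-formed tree, and one where kid object 2 lists
# its own parent (object 1) among its /Kids, the loop this report describes.
GOOD_TREE = {
    1: {"Type": "Pages", "Kids": [2, 3]},
    2: {"Type": "Page", "Parent": 1},
    3: {"Type": "Page", "Parent": 1},
}
LOOPED_TREE = {
    1: {"Type": "Pages", "Kids": [2]},
    2: {"Type": "Pages", "Parent": 1, "Kids": [1, 4]},
    4: {"Type": "Page", "Parent": 2},
}
```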
