Details
Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Description
Dear PDFBox maintainers,
Fuzzing has found a security related issue in OSS-Fuzz with JVM Fuzzer Jazzer in PDFBox. We have reviewed the finding and regarded it as security-related due to the potential of a denial of service. We would appreciate it if you could take a look at the finding. Do you see a risk that this might be exploited by untrusted input?
Part of the stack trace:
== Java Exception: com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow: Stack overflow (use '-Xss921k' to reproduce)
at org.apache.pdfbox.pdfparser.BaseParser.parseCOSDictionaryValue(BaseParser.java:187)
at org.apache.pdfbox.pdfparser.BaseParser.parseCOSDictionaryNameValuePair(BaseParser.java:347)
at org.apache.pdfbox.pdfparser.BaseParser.parseCOSDictionary(BaseParser.java:263)
at org.apache.pdfbox.pdfparser.BaseParser.parseDirObject(BaseParser.java:882)
Caused by: java.lang.StackOverflowError
at org.apache.commons.logging.impl.Jdk14Logger.log(Jdk14Logger.java:76)
at org.apache.commons.logging.impl.Jdk14Logger.warn(Jdk14Logger.java:260)
at org.apache.pdfbox.pdfparser.BaseParser.parseCOSDictionary(BaseParser.java:271)
at org.apache.pdfbox.pdfparser.BaseParser.parseDirObject(BaseParser.java:882)
at org.apache.pdfbox.pdfparser.BaseParser.parseCOSDictionaryValue(BaseParser.java:187)
at org.apache.pdfbox.pdfparser.BaseParser.parseCOSDictionaryNameValuePair(BaseParser.java:347)
at org.apache.pdfbox.pdfparser.BaseParser.parseCOSDictionary(BaseParser.java:263)
at org.apache.pdfbox.pdfparser.BaseParser.parseDirObject(BaseParser.java:882)
at org.apache.pdfbox.pdfparser.BaseParser.parseCOSDictionaryValue(BaseParser.java:187)
at org.apache.pdfbox.pdfparser.BaseParser.parseCOSDictionaryNameValuePair(BaseParser.java:347)
at org.apache.pdfbox.pdfparser.BaseParser.parseCOSDictionary(BaseParser.java:263)
...
We have added a reproducer zip which contains a README that describes how to reproduce the issue.
Reproducer Zip: https://drive.google.com/file/d/1CrVPoQhnTZ6FdAOr7tuny7vhG0gsnZZa/view?usp=share_link
OSS-Fuzz issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58353
Hint: The provided OSS-Fuzz Issue link is only accessible if the issue is fixed or you are the maintainer of the OSS-Fuzz project.
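The trace above shows a recursive-descent parser re-entering parseCOSDictionary for every nested dictionary, so nesting depth in the input translates directly into stack depth. The usual mitigation is a nesting-depth cap that turns the crash into a clean parse error; the toy parser below shows both behaviours side by side. This is an added example, not PDFBox's code; the grammar, the `parse`/`nested_dict`/`parse_outcome` helpers and the depth cap of 64 are assumptions.

```python
import re

# Constructed toy grammar for the PDF dictionary syntax the stack trace walks through:
# "<< /Name value ... >>", where a value is a number, a name or another dictionary.
TOKEN = re.compile(r"<<|>>|/\w+|\d+")

def parse(text, max_depth=None):
    tokens = TOKEN.findall(text)
    pos = [0]  # cursor shared by the two mutually recursive functions

    def take():
        if pos[0] >= len(tokens):
            raise ValueError("unexpected end of input")
        tok = tokens[pos[0]]
        pos[0] += 1
        return tok

    def parse_dict(depth):
        # Hypothetical hardening: refuse to recurse past a fixed nesting depth (None = unbounded)
        if max_depth is not None and depth > max_depth:
            raise ValueError(f"nesting deeper than {max_depth}")
        if take() != "<<":
            raise ValueError("expected '<<'")
        result = {}
        while (key := take()) != ">>":
            if not key.startswith("/"):
                raise ValueError(f"expected a name key, got {key!r}")
            result[key[1:]] = parse_value(depth)
        return result

    def parse_value(depth):
        if pos[0] < len(tokens) and tokens[pos[0]] == "<<":
            return parse_dict(depth + 1)  # the parseCOSDictionaryValue -> parseCOSDictionary edge
        tok = take()
        return int(tok) if tok.isdigit() else tok[1:]

    return parse_dict(0)

def nested_dict(levels):
    # Constructed input: a dictionary nested `levels` deep, e.g. << /A << /A 1 >> >>
    return "<< /A " * levels + "1" + " >>" * levels

def parse_outcome(text, max_depth=None):
    # Classify the result so the unbounded and bounded behaviour can be compared
    try:
        parse(text, max_depth)
        return "ok"
    except RecursionError:
        return "stack-overflow"
    except ValueError as e:
        return "too-deep" if "nesting" in str(e) else "syntax-error"
```

With no cap, `nested_dict(5000)` exhausts the interpreter stack exactly as the fuzzer input does; with `max_depth=64` the same input is rejected after 65 levels with a ValueError.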