Bug #57955 pdflib buffer overflow
Submitted: 2007-12-06 12:14 UTC Modified: 2016-08-25 13:37 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: poplix at papuasia dot org Assigned: rjs (profile)
Status: Closed Package: pdflib (PECL)
PHP Version: Irrelevant OS: any
Private report: No CVE-ID: None
 [2007-12-06 12:14 UTC] poplix at papuasia dot org
Description:
------------
I would like to inform you that recently multiple buffer overflows have been found inside of pdflib. PHP apps that use pdflib can be exploited by passing a long filename to certain functions (i.e. PDF_load_image()). pdflib developers have been contacted and they planned to fix those bugs in the next release.

I know this is not a PHP bug so I only hope it can be useful in some way.

Please keep this information confidential.


cheers,

-poplix
http://px.dynalias.org

Reproduce code:
---------------
PDF_load_image($p, str_repeat("A", 1100),null)


 [2016-08-04 14:43 UTC] cmb@php.net
-Assigned To: +Assigned To: rjs
 [2016-08-04 14:43 UTC] cmb@php.net
Has this issue been resolved, Rainer?
 [2016-08-25 13:36 UTC] rjs@php.net
-Status: Assigned +Status: Closed
 [2016-08-25 13:36 UTC] rjs@php.net
Current PDFlib (PDFlib 9.0.7) does not have this problem any longer.

Here is the error message that is implemented:

MyBigMac (2)$ 
PDFlib exception occurred in starter_image sample:
[1069] load_image: Specified file name too long (> 1024 bytes): 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
 [2016-08-25 13:37 UTC] rjs@php.net
This was fixed with this bugfix in PDFlib:

- 2007-12-06 (bug #1548/add-on)
 Check incoming filename parameters and searchpath entries for a maximum
 length of 1023 bytes. This fixes vulnerability CVE-2007-6561.
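
The changelog entry above describes the fix as a length check on incoming filenames and searchpath entries. The following C sketch is an added illustration of that kind of check, not PDFlib's code; the function names, status codes and buffer layout are assumptions, and only the 1023-byte limit comes from the entry.

```c
#include <stddef.h>
#include <string.h>

#define MAX_NAME_BYTES 1023                 /* limit quoted in the changelog entry */
#define PATH_BUF_BYTES (MAX_NAME_BYTES + 1) /* fixed buffer: name plus terminator */

/* Hypothetical status codes for this sketch. */
enum path_status { PATH_OK, PATH_INVALID, PATH_TOO_LONG };

/* Length of s, capped at MAX_NAME_BYTES + 1 so an oversized or unterminated
 * input is never scanned past the first PATH_BUF_BYTES bytes. */
static size_t bounded_len(const char *s)
{
    size_t n = 0;
    while (n <= MAX_NAME_BYTES && s[n] != '\0')
        n++;
    return n;
}

/* Validate one incoming filename or searchpath entry, then copy it.
 * Oversized input is rejected, not truncated: a truncated path could
 * name a different file than the caller intended. */
enum path_status store_name(char dst[PATH_BUF_BYTES], const char *src)
{
    if (dst == NULL || src == NULL) return PATH_INVALID;
    dst[0] = '\0';
    size_t len = bounded_len(src);
    if (len > MAX_NAME_BYTES)
        return PATH_TOO_LONG;
    memcpy(dst, src, len + 1);              /* len + 1 <= PATH_BUF_BYTES */
    return PATH_OK;
}

/* Join a searchpath entry and a filename. Each part and the combined
 * result must fit, since the joined string lands in the same buffer. */
enum path_status join_path(char dst[PATH_BUF_BYTES], const char *dir, const char *name)
{
    if (dst == NULL || dir == NULL || name == NULL) return PATH_INVALID;
    dst[0] = '\0';
    size_t dlen = bounded_len(dir), nlen = bounded_len(name);
    size_t sep = (dlen > 0 && dir[dlen - 1] != '/') ? 1 : 0;
    if (dlen > MAX_NAME_BYTES || nlen > MAX_NAME_BYTES ||
        dlen + sep + nlen > MAX_NAME_BYTES)
        return PATH_TOO_LONG;
    memcpy(dst, dir, dlen);
    if (sep) dst[dlen] = '/';
    memcpy(dst + dlen + sep, name, nlen + 1);
    return PATH_OK;
}
```

With the 1100-byte name from the report's reproduce code, `store_name` returns `PATH_TOO_LONG` and leaves the destination buffer empty.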
 