Bug #57955 pdflib buffer overflow
Submitted: 2007-12-06 12:14 UTC Modified: 2016-08-25 13:37 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: poplix at papuasia dot org Assigned: rjs (profile)
Status: Closed Package: pdflib (PECL)
PHP Version: Irrelevant OS: any
Private report: No CVE-ID: None
 [2007-12-06 12:14 UTC] poplix at papuasia dot org
Description:
------------
I would like to inform you that recently multiple buffer overflows have been found inside of pdflib. PHP apps that use pdflib can be exploited by passing a long filename to certain functions (i.e. PDF_load_image()). pdflib developers have been contacted and they planned to fix those bugs in the next release.

I know this is not a PHP bug so I only hope it can be useful in some way.

Please keep this information confidential.


cheers,

-poplix
http://px.dynalias.org

Reproduce code:
---------------
PDF_load_image($p, str_repeat("A", 1100), null);


History

 [2016-08-04 14:43 UTC] cmb@php.net
-Assigned To: +Assigned To: rjs
 [2016-08-04 14:43 UTC] cmb@php.net
Has this issue been resolved, Rainer?
 [2016-08-25 13:36 UTC] rjs@php.net
-Status: Assigned +Status: Closed
 [2016-08-25 13:36 UTC] rjs@php.net
Current PDFlib (PDFlib 9.0.7) does not have this problem any longer.

Here is the error message that is implemented:

MyBigMac (2)$ 
PDFlib exception occurred in starter_image sample:
[1069] load_image: Specified file name too long (> 1024 bytes): 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
 [2016-08-25 13:37 UTC] rjs@php.net
This was fixed with this bugfix in PDFlib:

- 2007-12-06 (bug #1548/add-on)
 Check incoming filename parameters and searchpath entries for a maximum
 length of 1023 bytes. This fixes vulnerability CVE-2007-6561.
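
The kind of check the changelog entry above describes, as an added example that is not part of the bug report and is not PDFlib's own code: a caller-supplied file name is length-checked against the 1023-byte limit before it is copied into a fixed-size buffer. The names `copy_checked_name`, `MAX_NAME_LEN` and `name_status` are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Limit from the PDFlib changelog entry quoted above: at most 1023 bytes. */
#define MAX_NAME_LEN 1023

enum name_status { NAME_OK = 0, NAME_INVALID = -1, NAME_TOO_LONG = -2 };

/* Hypothetical helper (not PDFlib code): length-check a caller-supplied
 * file name, then copy it into a fixed-size buffer of dstsize bytes. */
enum name_status copy_checked_name(char *dst, size_t dstsize, const char *src)
{
    const char *nul;
    size_t len;

    if (dst == NULL || dstsize == 0 || src == NULL)
        return NAME_INVALID;
    dst[0] = '\0';                       /* never leave dst uninitialised */

    /* Bounded scan: look at no more than MAX_NAME_LEN + 1 bytes of src. */
    nul = memchr(src, '\0', MAX_NAME_LEN + 1);
    if (nul == NULL)
        return NAME_TOO_LONG;            /* 1024 bytes or more: reject */
    len = (size_t)(nul - src);
    if (len >= dstsize)
        return NAME_TOO_LONG;            /* would not fit with its NUL */

    memcpy(dst, src, len + 1);           /* copy includes the terminator */
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample input mirroring the report: 1100 'A' bytes. */
    char longname[1101], buf[MAX_NAME_LEN + 1];

    memset(longname, 'A', 1100);
    longname[1100] = '\0';

    if (copy_checked_name(buf, sizeof buf, longname) == NAME_TOO_LONG)
        printf("rejected: file name too long (> %d bytes)\n", MAX_NAME_LEN);
    if (copy_checked_name(buf, sizeof buf, "image.jpg") == NAME_OK)
        printf("accepted: %s\n", buf);
    return 0;
}
```

The same check applies to each searchpath entry, since the changelog names both inputs.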
 
Last updated: Sat Jan 18 22:01:22 2020 UTC