php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #57955 pdflib buffer overflow
Submitted: 2007-12-06 12:14 UTC Modified: 2016-08-25 13:37 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: poplix at papuasia dot org Assigned: rjs (profile)
Status: Closed Package: pdflib (PECL)
PHP Version: Irrelevant OS: any
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
31 - 12 = ?
Subscribe to this entry?

 
 [2007-12-06 12:14 UTC] poplix at papuasia dot org 
Description:
------------
i would like to inform you that recently multiple buffer overflows have been found inside of pdflib. php apps that uses pdflib can be exploited by passing a long filename to certain funtions (ie PDF_load_image()). pdflib developers have been contacted and they plained to fix those bugs in the next release.

I know this is not a php bug so i only hope it can be useful in some way

please keep this information confidential


cheers,

-poplix
http://px.dynalias.org

Reproduce code:
---------------
PDF_load_image($p, str_repeat("A", 1100),null)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-08-04 14:43 UTC] cmb@php.net
-Assigned To: +Assigned To: rjs
 [2016-08-04 14:43 UTC] cmb@php.net 
Has this issue been resolved, Rainer?
 [2016-08-25 13:36 UTC] rjs@php.net
-Status: Assigned +Status: Closed
 [2016-08-25 13:36 UTC] rjs@php.net 
Current PDFlib (PDFlib 9.0.7) does not have this problem any longer.

Here the error message that is implemented:

MyBigMac (2)$ 
PDFlib exception occurred in starter_image sample:
[1069] load_image: Specified file name too long (> 1024 bytes): 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
 [2016-08-25 13:37 UTC] rjs@php.net 
This was fixed with this bugfix in PDFlib:

- 2007-12-06 (bug #1548/add-on)
 Check incoming filename parameters and searchpath entries for a maximum
 length of 1023 bytes. This fixes vulnerability CVE-2007-6561.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 04:01:28 2024 UTC