Related vulnerability
Title:
Xpdf resource management error vulnerability
(CVE-2019-13288)
Description: Xpdf is an open-source PDF reader from Foo Labs. It supports decoding LZW-compressed files and reading encrypted PDF files. The `Parser::getObj()` function in Parser.cc in Xpdf 4.01.01 contains a security flaw: an attacker can use a specially crafted file to trigger infinite recursion and cause a denial of service.
Description
Replicated using AFL fuzzer instrumentation! Shoutz to antonio-morales.
Introduction
# CVE-2019-13288 – Infinite Recursion in Xpdf's Parser::getObj()
## Overview
**CVE-2019-13288** is a vulnerability in **Xpdf 4.01.01**, specifically in the `Parser::getObj()` function in `Parser.cc`. A specially crafted PDF drives the function into **infinite recursion**, which exhausts the process stack and crashes the parser, resulting in a **Denial of Service (DoS)**. The bug is similar to **CVE-2018-16646** (the corresponding issue in Poppler's `Parser::getObj()`) and underscores that a recursive parser needs an explicit recursion bound, not just validation of the individual tokens it reads.
---
## Technical Details
* **CVE ID**: [CVE-2019-13288](https://nvd.nist.gov/vuln/detail/CVE-2019-13288)
* **Affected Software**: Xpdf 4.01.01
* **Vulnerability Type**: Uncontrolled Recursion (CWE-674)
* **Impact**: Denial of Service (DoS)
* **CVSS v3.0 Base Score**: 5.5 (Medium)
* **Vector**: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
### Vulnerable Function: `Parser::getObj()`
`Parser::getObj()` is the routine that parses a single PDF object (array, dictionary, stream, reference, or primitive). Parsing a container means parsing its children, so the function is naturally recursive, directly and through the helpers that resolve nested and indirect objects. In Xpdf 4.01.01 that recursion has no adequate depth bound: a crafted object structure makes `getObj()` re-enter itself without ever reaching a terminating case, each call consumes another stack frame, and the process dies with a stack overflow (on Linux, a SIGSEGV when the stack guard page is hit; under AddressSanitizer this is reported as `stack-overflow`).
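The following is an added illustration and is not Xpdf's code or the exact recursion path of CVE-2019-13288 (that path is not reproduced on this page). It is a toy recursive-descent parser for the container syntax a `getObj()`-style routine handles (`[ ... ]` arrays, `<< ... >>` dictionaries, everything else treated as a bare atom), exposed once without a recursion bound, which is the CWE-674 shape, and once with one. `DEPTH_LIMIT`, the error codes and `make_nested()` are assumptions made for the example; strings, names, comments and streams are deliberately left out.

```c
/* Added example, not Xpdf code: a toy recursive-descent parser for PDF
 * container syntax, exposed without and with a recursion bound (CWE-674). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEPTH_LIMIT 64        /* assumed bound; Xpdf's own value is not on this page */
#define ERR_TOO_DEEP (-1)
#define ERR_SYNTAX   (-2)

static void skip_ws(const char **p) {
    while (**p == ' ' || **p == '\n' || **p == '\r' || **p == '\t') (*p)++;
}

/* Parse one object at *p. `depth` is the nesting level of the enclosing
 * container (0 at top level). Returns the deepest nesting level reached, or a
 * negative error. limit < 0 disables the depth check entirely. */
static int parse_obj(const char **p, int depth, int limit) {
    skip_ws(p);
    const char *close;
    if (**p == '[')                     { (*p)++;  close = "]";  }
    else if (strncmp(*p, "<<", 2) == 0) { *p += 2; close = ">>"; }
    else {                              /* atom: a run of non-delimiter characters */
        const char *start = *p;
        while (**p && !strchr(" \t\r\n[]<>", **p)) (*p)++;
        return (*p == start) ? ERR_SYNTAX : depth;
    }
    depth++;                            /* now inside a container one level deeper */
    if (limit >= 0 && depth > limit)    /* the check an unbounded parser lacks */
        return ERR_TOO_DEEP;
    int max_depth = depth;
    size_t close_len = strlen(close);
    for (;;) {                          /* parse children until the closing token */
        skip_ws(p);
        if (strncmp(*p, close, close_len) == 0) { *p += close_len; return max_depth; }
        if (**p == '\0') return ERR_SYNTAX;
        int d = parse_obj(p, depth, limit);   /* the recursion happens here */
        if (d < 0) return d;
        if (d > max_depth) max_depth = d;
    }
}

/* Vulnerable form: recursion depth is bounded only by the size of the stack. */
int parse_pdf_object_unbounded(const char *src) { return parse_obj(&src, 0, -1); }

/* Hardened form: input nested deeper than DEPTH_LIMIT is rejected. */
int parse_pdf_object(const char *src) { return parse_obj(&src, 0, DEPTH_LIMIT); }

/* Constructed attacker input: n opening brackets followed by n closing ones.
 * Caller frees the result. */
char *make_nested(int n) {
    char *buf = malloc((size_t)n * 2 + 1);
    if (!buf) return NULL;
    memset(buf, '[', (size_t)n);
    memset(buf + n, ']', (size_t)n);
    buf[n * 2] = '\0';
    return buf;
}

int main(int argc, char **argv) {
    const char *sample = "<< /Type /Pages /Kids [ 1 0 R [ 2 0 R ] ] >>";
    printf("sample nesting depth: %d\n", parse_pdf_object(sample));
    char *deep = make_nested(1000000);
    if (!deep) return 1;
    printf("hardened parser on 1,000,000 levels: %d (ERR_TOO_DEEP is %d)\n",
           parse_pdf_object(deep), ERR_TOO_DEEP);
    /* Pass "crash" to reproduce the DoS shape: the unbounded parser recurses
     * until the stack guard page is hit and the process dies with SIGSEGV. */
    if (argc > 1 && strcmp(argv[1], "crash") == 0)
        printf("unbounded: %d\n", parse_pdf_object_unbounded(deep));
    free(deep);
    return 0;
}
```

The fix is a single comparison at the point of re-entry, but it has to sit on every recursive path into the routine, including the indirect ones through helper functions; a bound that only covers direct self-calls is the kind of partial fix that later CVEs in the same function tend to come from.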
---
## Exploitation
### Attack Vector
An attacker crafts a PDF whose object structure sends `Parser::getObj()` into unbounded recursion. The file only has to be opened: any of Xpdf's command-line tools (pdftotext and the rest), or an application built on the same parser, that processes it will recurse until the stack is exhausted and the process is killed by a stack overflow. The result is a crash of the parsing process (a DoS), not memory corruption that an attacker controls; it needs no privileges beyond getting a user or service to open the file (UI:R in the CVSS vector).
### Proof of Concept
A proof-of-concept (PoC) PDF file demonstrating this vulnerability is included in this repo:
* CVE-2019-13288-POC: [CVE-2019-13288-POC-PDF](https://github.com/WildWestCyberSecurity/CVE-2019-13288/blob/main/EXPLOIT.pdf)
For the step-by-step replication procedure, see:
* Steps to replicate: [STEPS_TAKEN_TO_REPLICATE](https://github.com/WildWestCyberSecurity/CVE-2019-13288/blob/main/STEPS_TAKEN_TO_REPLICATE.md)
**Note**: This PoC is intended for educational and research purposes only. Unauthorized use against systems without explicit permission is unethical and may be illegal. Don't be bad!
---
## Mitigation
* **Upgrade Xpdf**: Update to a release of Xpdf later than 4.01.01 that includes the fix for this issue.
* **Input Validation**: Validate PDF files before processing, especially when they come from untrusted sources. Note the limit of this approach: a parser cannot validate a structure it has not yet parsed, so the durable control is a recursion depth bound inside the parser itself; external validation only filters the specific shapes it knows about.
* **Sandboxing**: Run PDF processing in a sandboxed environment (a container, seccomp profile, or unprivileged worker process) so that a crash of the parser cannot take anything else down with it.
* **Resource Limiting**: Cap the stack size, CPU time and memory of the parsing process (for example with `ulimit`/`setrlimit` or cgroup limits) so that a single crafted file can only crash or time out that one process, and so that deep recursion fails fast instead of consuming the host's resources first.
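As an added example of the sandboxing and resource-limiting mitigations above (this is illustrative code, not part of the original repo or of Xpdf), the wrapper below forks a PDF tool with `RLIMIT_CPU`, `RLIMIT_STACK` and `RLIMIT_AS` applied and classifies how the child ended, so a fuzzing harness, a mail gateway or a batch converter can tell a crash caused by stack exhaustion from an ordinary parse error. The limit values and the `pdftotext` command line in `main()` are assumptions to tune per deployment.

```c
/* Added example, not from the original README or Xpdf: run a PDF tool under
 * POSIX resource limits and report how the child process ended. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* How the limited child ended. */
enum outcome {
    RUN_OK,             /* exited 0 */
    RUN_EXIT_NONZERO,   /* exited with an error code, e.g. an ordinary parse error */
    RUN_STACK_OR_SEGV,  /* SIGSEGV/SIGBUS: what unbounded recursion looks like */
    RUN_CPU_LIMIT,      /* SIGXCPU/SIGKILL delivered when RLIMIT_CPU is exceeded */
    RUN_OTHER_SIGNAL,   /* SIGABRT (sanitizer abort) or anything else */
    RUN_SPAWN_FAILED    /* fork failed or the binary could not be executed */
};

static void cap(int resource, rlim_t value) {
    struct rlimit rl = { value, value };
    setrlimit(resource, &rl);   /* lowering a limit needs no privilege; an
                                   existing lower hard limit simply wins */
}

/* Run the NULL-terminated argv[] with a CPU cap in seconds and stack and
 * address-space caps in bytes. If status is non-NULL it receives the raw
 * wait status for logging. */
enum outcome run_limited(char *const argv[], rlim_t cpu_secs,
                         rlim_t stack_bytes, rlim_t as_bytes, int *status)
{
    pid_t pid = fork();
    if (pid < 0) return RUN_SPAWN_FAILED;
    if (pid == 0) {
        cap(RLIMIT_CPU, cpu_secs);       /* also ends a genuine infinite loop */
        cap(RLIMIT_STACK, stack_bytes);  /* deep recursion fails fast with SIGSEGV */
        cap(RLIMIT_AS, as_bytes);        /* ASan-built binaries need a far larger cap */
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    int st = 0;
    if (waitpid(pid, &st, 0) < 0) return RUN_SPAWN_FAILED;
    if (status) *status = st;
    if (WIFEXITED(st)) {
        int code = WEXITSTATUS(st);
        if (code == 0) return RUN_OK;
        if (code == 127) return RUN_SPAWN_FAILED;
        return RUN_EXIT_NONZERO;
    }
    if (WIFSIGNALED(st)) {
        switch (WTERMSIG(st)) {
        case SIGSEGV: case SIGBUS:  return RUN_STACK_OR_SEGV;
        case SIGXCPU: case SIGKILL: return RUN_CPU_LIMIT;
        default:                    return RUN_OTHER_SIGNAL;
        }
    }
    return RUN_OTHER_SIGNAL;
}

int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s file.pdf   (runs: pdftotext file.pdf /dev/null)\n", argv[0]);
        return 2;
    }
    char *cmd[] = { "pdftotext", argv[1], "/dev/null", NULL };
    int st = 0;
    /* Assumed caps for a non-sanitized pdftotext: 10 s CPU, 8 MiB stack,
     * 512 MiB address space. Tune these for your build and inputs. */
    enum outcome o = run_limited(cmd, 10, 8u << 20, 512u << 20, &st);
    static const char *names[] = { "ok", "exit-nonzero", "crashed-segv/stack",
                                   "cpu-limit", "other-signal", "spawn-failed" };
    printf("%s -> %s (raw wait status 0x%x)\n", argv[1], names[o], st);
    return o == RUN_OK ? 0 : 1;
}
```

Running the repo's `EXPLOIT.pdf` through a vulnerable `pdftotext` this way should classify as `crashed-segv/stack`, and lowering `RLIMIT_STACK` makes that verdict arrive sooner; a fixed build should report `ok` or `exit-nonzero`. Keep the outcome in logs: a sudden rise in `crashed-segv/stack` verdicts from one input source is a usable detection signal.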
---
## References
* National Vulnerability Database: [CVE-2019-13288](https://nvd.nist.gov/vuln/detail/CVE-2019-13288)
* GitHub Advisory Database: [GHSA-prrp-xgrg-xvgp](https://github.com/advisories/GHSA-prrp-xgrg-xvgp)
* PanguL4b PoC Repository: [stack-overflow\_dos\_Parser\_\_getObj](https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj)
* Guided Hacking: [Linux Fuzzing with AFL - Xpdf CVE-2019-13288](https://guidedhacking.com/threads/linux-fuzzing-with-afl-xpdf-cve-2019-13288.20567/)
---
## Acknowledgments
This analysis was inspired by the methodologies presented in [Antonio Morales' Fuzzing101 guide](https://github.com/antonio-morales/Fuzzing101). The vulnerability was originally found through fuzzing, which shows how effective such approaches are at uncovering hidden software flaws.
Antonio Morales is the GOAT! Thank you; without your research I would not have been able to replicate this!
---
## Disclaimer
This information is provided for educational and research purposes only. The author is not responsible for any misuse of the information contained herein. Always ensure you have proper authorization before testing or exploiting vulnerabilities on any system.
File snapshot
[4.0K] /data/pocs/b48f2728c6c68b995c606b9cd4d2e05593f321d5
├── [4.0K] EXPLOIT.pdf
├── [3.9K] README.md
└── [1.9K] STEPS_TAKEN_TO_REPLICATE.md
0 directories, 3 files
Notes
1. Access the PoC through the original source where possible.
2. If the source is gone or unreachable, email f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. Shenlong (神龙) has snapshotted the PoC code for you; to support long-term maintenance, please consider paying for local PoCs. Thank you for your support.