Replicated using afl fuzzer instrumentation! Shoutz to antonio-morales.

# CVE-2019-13288 – Infinite Recursion in Xpdf's Parser::getObj()
## Overview
**CVE-2019-13288** is a vulnerability identified in **Xpdf version 4.01.01**, specifically within the `Parser::getObj()` function in `Parser.cc`. This flaw can lead to **infinite recursion** when processing a specially crafted PDF file, resulting in a **Denial of Service (DoS)** condition. The vulnerability is akin to **CVE-2018-16646** and underscores the importance of robust input validation in recursive functions.
---
## Technical Details
* **CVE ID**: [CVE-2019-13288](https://nvd.nist.gov/vuln/detail/CVE-2019-13288)
* **Affected Software**: Xpdf 4.01.01
* **Vulnerability Type**: Uncontrolled Recursion (CWE-674)
* **Impact**: Denial of Service (DoS)
* **CVSS v3.0 Base Score**: 5.5 (Medium)
* **Vector**: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
### Vulnerable Function: `Parser::getObj()`
The `Parser::getObj()` function is responsible for parsing objects within a PDF file. In Xpdf 4.01.01, this function lacks adequate checks to prevent infinite recursion. An attacker can craft a PDF file with a malicious object structure that causes `getObj()` to call itself recursively without termination, leading to stack exhaustion and application crash.
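As an added illustration (not Xpdf's code), the following toy recursive-descent parser for nested PDF-style arrays threads a depth counter through every recursive call and aborts the parse once a fixed cap is exceeded, which is the kind of guard the text says `Parser::getObj()` lacks. The grammar, the `kMaxNesting` value and the function names are assumptions for the example.

```cpp
// Added example: a depth-guarded recursive object parser. Not Xpdf's code;
// the grammar (nested "[ ... ]" arrays and bare tokens) and the cap are assumptions.
#include <cstddef>
#include <string>

// Hypothetical nesting cap; Xpdf's own limit, if any, is not assumed here.
constexpr int kMaxNesting = 500;

enum class ParseStatus { Ok, TooDeep, Malformed };

// Parses one object starting at pos: an array "[ obj obj ... ]" or a bare token.
// Each recursive call carries depth + 1; exceeding kMaxNesting ends the parse
// with an error instead of recursing until the stack is exhausted.
ParseStatus getObj(const std::string& in, size_t& pos, int depth) {
    if (depth > kMaxNesting) return ParseStatus::TooDeep;
    while (pos < in.size() && in[pos] == ' ') ++pos;
    if (pos >= in.size()) return ParseStatus::Malformed;
    if (in[pos] == '[') {
        ++pos;  // consume '['
        for (;;) {
            while (pos < in.size() && in[pos] == ' ') ++pos;
            if (pos >= in.size()) return ParseStatus::Malformed;  // unterminated array
            if (in[pos] == ']') { ++pos; return ParseStatus::Ok; }
            ParseStatus s = getObj(in, pos, depth + 1);  // nested element
            if (s != ParseStatus::Ok) return s;          // propagate TooDeep/Malformed
        }
    }
    if (in[pos] == ']') return ParseStatus::Malformed;  // stray closing bracket
    while (pos < in.size() && in[pos] != ' ' && in[pos] != '[' && in[pos] != ']') ++pos;
    return ParseStatus::Ok;  // bare token consumed
}

// Parses a whole document string and requires that all input was consumed.
ParseStatus parseDocument(const std::string& in) {
    size_t pos = 0;
    ParseStatus s = getObj(in, pos, 0);
    if (s != ParseStatus::Ok) return s;
    while (pos < in.size() && in[pos] == ' ') ++pos;
    return pos == in.size() ? ParseStatus::Ok : ParseStatus::Malformed;
}

// Constructed test input: n nested arrays around a single token.
std::string nestedArrays(int n) {
    return std::string(n, '[') + "1" + std::string(n, ']');
}
```

Input nested exactly `kMaxNesting` levels deep is still accepted; one level more is rejected with `TooDeep` before the recursion can grow further.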
---
## Exploitation
### Attack Vector
An attacker crafts a malicious PDF file with a specific object structure designed to trigger infinite recursion in the `Parser::getObj()` function. When this file is processed by Xpdf or any application utilizing its library, the application enters an endless recursive loop, consuming system resources and eventually crashing.
### Proof of Concept
A proof-of-concept (PoC) PDF file demonstrating this vulnerability is available below in this repo.
* CVE-2019-13288-POC: [CVE-2019-13288-POC-PDF](https://github.com/WildWestCyberSecurity/CVE-2019-13288/blob/main/EXPLOIT.pdf)
For a step-by-step account of how it was replicated, see below:
* Steps to replicate: [STEPS_TAKEN_TO_REPLICATE](https://github.com/WildWestCyberSecurity/CVE-2019-13288/blob/main/STEPS_TAKEN_TO_REPLICATE.md)
**Note**: This PoC is intended for educational and research purposes only. Unauthorized use against systems without explicit permission is unethical and may be illegal. Don't be bad!
---
## Mitigation
* **Upgrade Xpdf**: If available, update to a version of Xpdf where this vulnerability is patched.
* **Input Validation**: Implement strict validation for PDF files before processing, especially if they originate from untrusted sources.
* **Sandboxing**: Run PDF processing applications in a sandboxed environment to limit potential damage from malicious files.
* **Resource Limiting**: Configure system resource limits to prevent a single process from consuming excessive resources, mitigating the impact of potential DoS attacks.
---
## References
* National Vulnerability Database: [CVE-2019-13288](https://nvd.nist.gov/vuln/detail/CVE-2019-13288)
* GitHub Advisory Database: [GHSA-prrp-xgrg-xvgp](https://github.com/advisories/GHSA-prrp-xgrg-xvgp)
* PanguL4b PoC Repository: [stack-overflow\_dos\_Parser\_\_getObj](https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj)
* Guided Hacking: [Linux Fuzzing with AFL - Xpdf CVE-2019-13288](https://guidedhacking.com/threads/linux-fuzzing-with-afl-xpdf-cve-2019-13288.20567/)
---
## Acknowledgments
This analysis was inspired by the methodologies presented in [Antonio Morales' Fuzzing101 guide](https://github.com/antonio-morales/Fuzzing101). The vulnerability was initially identified through fuzzing techniques, highlighting the effectiveness of such approaches in uncovering hidden software flaws.
Antonio-Morales da goat! Thank you, without your research I would not have been able to replicate!
---
## Disclaimer
This information is provided for educational and research purposes only. The author is not responsible for any misuse of the information contained herein. Always ensure you have proper authorization before testing or exploiting vulnerabilities on any system.