michaelhayman / origami-pdf

Automatically exported from code.google.com/p/origami-pdf
GNU Lesser General Public License v3.0
0 stars 0 forks source link

pdf2ruby: Cant parse and generate ruby for invalid/malicious pdfs #8

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Run pdf2ruby on malicious pdf that uses /Colors <int> where <int> is > then  
4

What is the expected output? What do you see instead?
Since this library and associated binaries are tailored to working with 
malicious pdfs it would be nice if pdf2ruby would be able to process such files 
instead I get:

$ pdf2ruby adobe_flatedecode_predictor02-exploit.pdf[*] Loading document 
'adobe_flatedecode_predictor02-exploit.pdf'
[*] Document successfully loaded into Origami
[*] Retrieving all indirect objects...
[*] Retrieving the document Catalog...
[*] Processing the object hierarchy...
origami-1.2.3/lib/origami/stream.rb:367:in `rescue in decode_data': Error while 
decoding stream 7 0 R (Origami::InvalidStreamObjectError)
    -> [Origami::Filter::PredictorError] Colors must be between 1 and 4

What version of the product are you using? On what operating system?
origami-1.2.3, ubuntu linux, ruby-1.9.2-p0 via rvm

Please provide any additional information below.
Consider the following attachment as an example which is a exploit generated by 
the metasploit adobe_flatedecode_predictor02 (with flate and encoding 
disabled).  Object 7 triggers the CVE 2009-3459 with an integer overflow 
(/Colors 1073741838 which is invalid as per the pdf specification).

Also I am really impressed with this gem!  Thanks for all the work!

Original issue reported on code.google.com by Dennison...@gmail.com on 20 Dec 2011 at 10:22

Attachments: