Closed hdthky closed 2 years ago
Reproduced. As with the others, it is highly unlikely this can result in information disclosure since this is overflowing an allocated buffer for some reason, but it will cause a crash of HTMLDOC without writing any output...
[master ffb68b6] Fix another heap overflow issue (Issue #482)
Description
Whilst experimenting with htmldoc, built from commit 0bef12c, we are able to induce a vulnerability at htmldoc/htmldoc/ps-pdf.cxx:3371 in function pdf_write_links, using a harness compiled from htmldoc/htmldoc.cxx. Because there is no bounds checking, a heap-based out-of-bounds read will be triggered when the software encounters a malformed file, resulting in information disclosure or denial of service.
Environment
Ubuntu 20.04
gcc 10.3.0 with ASAN
Proof of Concept
The POC is: poc_heap_overflow5
The command is:
./htmldoc --webpage -t pdf -f /dev/null poc_heap_overflow5
The ASAN report is:
Impact
This vulnerability is capable of inducing information disclosure or denial of service.
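The report attributes the crash to an index into a heap-allocated link table that is never checked against the number of entries actually stored. The following C program is an added illustration of that bug class and its usual fix; it is not HTMLDOC's code, and the link_table_t / link_entry_t types, link_page_checked, link_table_add and count_resolvable_links are hypothetical names chosen for this example. It shows an unchecked lookup beside a bounds-checked one, and a "malformed input" scenario where the document claims more links than exist, which the checked path rejects instead of reading past the allocation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified link table: a heap-allocated array of entries
 * plus the number of valid entries and the allocated capacity.
 * This is illustrative only, not HTMLDOC's real data structure. */
typedef struct {
    char name[32];
    int  page;
} link_entry_t;

typedef struct {
    link_entry_t *entries;   /* heap-allocated array */
    size_t        count;     /* entries actually filled in */
    size_t        capacity;  /* slots allocated */
} link_table_t;

/* The bug-class pattern: index taken from the input, no check against count.
 * Calling this with i >= count reads past the allocation (ASAN reports a
 * heap-buffer-overflow READ). Kept here for contrast; never called out of range. */
int link_page_unchecked(const link_table_t *t, size_t i) {
    return t->entries[i].page;
}

/* Hardened lookup: returns the page for index i, or -1 if i is out of range
 * or the table is empty. */
int link_page_checked(const link_table_t *t, size_t i) {
    if (t == NULL || t->entries == NULL || i >= t->count)
        return -1;
    return t->entries[i].page;
}

/* Append an entry, growing the array when full. Returns 0 on success, -1 on
 * allocation failure. The name is truncated, never written past name[]. */
int link_table_add(link_table_t *t, const char *name, int page) {
    if (t->count == t->capacity) {
        size_t newcap = t->capacity ? t->capacity * 2 : 4;
        link_entry_t *n = realloc(t->entries, newcap * sizeof *n);
        if (n == NULL)
            return -1;
        t->entries  = n;
        t->capacity = newcap;
    }
    link_entry_t *e = &t->entries[t->count];
    snprintf(e->name, sizeof e->name, "%s", name);
    e->page = page;
    t->count++;
    return 0;
}

void link_table_free(link_table_t *t) {
    free(t->entries);
    t->entries  = NULL;
    t->count    = 0;
    t->capacity = 0;
}

/* Malformed-input scenario: the document header claims `claimed` links but
 * only t->count were parsed. With the checked lookup, the surplus indexes
 * are simply reported as unresolvable instead of being read from the heap. */
int count_resolvable_links(const link_table_t *t, size_t claimed) {
    int ok = 0;
    for (size_t i = 0; i < claimed; i++)
        if (link_page_checked(t, i) >= 0)
            ok++;
    return ok;
}

int main(void) {
    link_table_t t = {0};
    /* Constructed sample data: two real links, document claims ten. */
    link_table_add(&t, "intro", 1);
    link_table_add(&t, "chapter", 5);
    printf("checked index 1 -> page %d\n", link_page_checked(&t, 1));
    printf("checked index 7 -> %d (out of range)\n", link_page_checked(&t, 7));
    printf("resolvable links: %d of 10 claimed\n", count_resolvable_links(&t, 10));
    link_table_free(&t);
    return 0;
}
```

Built with `-fsanitize=address`, replacing link_page_checked by link_page_unchecked inside count_resolvable_links reproduces the report's symptom (a heap-buffer-overflow read followed by a crash, with no output written); the checked version runs cleanly on the same input.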