CVE-2018-14947
Description
An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
PDF2JSON 0.69 has a mismatched memory management bug in XmlFontAccu::CSStyle, causing potential memory corruption when processing crafted PDF files.
Vulnerability
In PDF2JSON version 0.69, the function XmlFontAccu::CSStyle in XmlFonts.cc allocates memory with operator new[] but frees it with operator delete instead of operator delete[]. This mismatch leads to undefined behavior, including memory corruption. The bug is triggered when parsing a specially crafted PDF file that invokes the CSStyle function. [2]
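The pairing described above, as an added example that is not PDF2JSON's code: the function names, parameters and the formatted string are hypothetical and are not taken from XmlFonts.cc. It shows the mismatched form (compiled only with -DSHOW_MISMATCH), the minimal delete[] fix, and an owning-pointer form that removes the manual pairing.

```cpp
// Added illustration; format_style_* and their arguments are hypothetical.
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>

#ifdef SHOW_MISMATCH
// Bug class from the advisory: array new paired with scalar delete.
// Built with -DSHOW_MISMATCH -fsanitize=address and called, this yields
// ASan's alloc-dealloc-mismatch report (operator new [] vs operator delete).
std::string format_style_mismatched(const std::string& family, int px) {
    std::size_t n = family.size() + 64;
    char* buf = new char[n];
    std::snprintf(buf, n, "font-family:%s;font-size:%dpx;", family.c_str(), px);
    std::string out(buf);
    delete buf;  // undefined behaviour: the allocation was new[]
    return out;
}
#endif

// Minimal fix: release with the array form that matches new[].
// Still leaks buf if constructing `out` throws.
std::string format_style_matched(const std::string& family, int px) {
    std::size_t n = family.size() + 64;
    char* buf = new char[n];
    std::snprintf(buf, n, "font-family:%s;font-size:%dpx;", family.c_str(), px);
    std::string out(buf);
    delete[] buf;
    return out;
}

// Preferred fix: unique_ptr<char[]> selects delete[] from its type, so the
// pairing cannot drift and the buffer is released on every exit path.
std::string format_style_owned(const std::string& family, int px) {
    std::size_t n = family.size() + 64;
    std::unique_ptr<char[]> buf(new char[n]);
    std::snprintf(buf.get(), n, "font-family:%s;font-size:%dpx;",
                  family.c_str(), px);
    return std::string(buf.get());
}

int main() {
    std::printf("%s\n", format_style_owned("Helvetica", 12).c_str());
    return 0;
}
```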
Exploitation
An attacker can exploit this vulnerability by supplying a malicious PDF file that, when processed by pdf2json, triggers the XmlFontAccu::CSStyle function. The tool must be run with the crafted PDF as input. No authentication or special privileges are required; the attack is remote if the victim opens the file. The AddressSanitizer trace confirms the mismatch occurs during execution of CSStyle. [2]
Impact
Successful exploitation can cause memory corruption, potentially leading to a denial of service (crash) or, in some cases, arbitrary code execution depending on memory layout. The exact impact is not fully detailed in the references, but mismatched allocation/deallocation is a common source of exploitable vulnerabilities.
Mitigation
As of the publication date (2018-08-05), no official patch has been released for PDF2JSON 0.69. Users should avoid processing untrusted PDF files with this version. Upgrading to a newer version that fixes the issue, if available, is recommended. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (2)
- github.com/flexpaper/pdf2json/issues/20 (mitre, x_refsource_MISC)
- github.com/fouzhe/security/tree/master/pdf2json (mitre, x_refsource_MISC)