CVE-2020-19466
Description
An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An invalid read of size 1 in DCTStream::transformDataUnit in PDF2JSON 0.70 allows attackers to cause a denial of service via a crafted PDF.
Vulnerability
An invalid read of size 1 occurs in the DCTStream::transformDataUnit function of PDF2JSON version 0.70 (commit b671b64). This function is part of the DCT (JPEG) decoding stream and is triggered when processing a specially crafted PDF file. The issue was reported in the project's issue tracker [1].
Exploitation
An attacker can exploit this vulnerability by providing a malicious PDF file that causes the invalid read. No authentication or special privileges are required; the victim only needs to open the file with pdf2json. A proof-of-concept (PoC) file is available [1]. The crash is confirmed via Valgrind, showing an invalid read of size 1 at the function DCTStream::transformDataUnit.
Impact
Successful exploitation results in a denial of service (DoS) due to a segmentation fault (SIGSEGV). The application crashes, terminating the PDF processing. No code execution or data disclosure has been demonstrated.
Mitigation
As of reference [1], no fix has been released for this issue. Users should avoid processing untrusted PDF files with PDF2JSON 0.70. No workaround is available. The project appears to be unmaintained, so upgrading to a patched version is not possible.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- PDF2JSON/PDF2JSON (description)
Patches
No patches discovered yet.
References
[1] github.com/flexpaper/pdf2json/issues/27 (mitre, x_refsource_MISC)