VYPR
Unrated severity · NVD Advisory · Published Nov 10, 2021 · Updated Aug 4, 2024

CVE-2020-23878

Description

pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

pdf2json v0.71 contains a stack buffer overflow in XRef::fetch that a crafted PDF can trigger, causing denial of service or potential code execution.

Vulnerability

pdf2json version 0.71 is vulnerable to a stack buffer overflow in the XRef::fetch function within XRef.cc [1][2]. The issue occurs when parsing a specially crafted PDF file that causes recursive calls between XRef::fetch and ObjectStream::ObjectStream, leading to stack exhaustion [2]. The vulnerability is reachable via the pdf2json command-line tool when processing a malicious PDF.

Exploitation

An attacker can exploit this vulnerability by providing a crafted PDF file to the pdf2json utility. No authentication or special privileges are required; the attacker only needs to convince a user to open the malicious PDF with pdf2json. The PoC demonstrates that the stack overflow is triggered during the parsing of the PDF's cross-reference table and object streams [1][2]. The ASAN output shows a stack overflow with repeated calls between XRef::fetch and ObjectStream::ObjectStream [2].

Impact

Successful exploitation causes a stack buffer overflow, which can lead to a denial of service (application crash) as shown by the AddressSanitizer stack-overflow error [1][2]. In some environments, this may be leveraged for arbitrary code execution, though the provided references only confirm a crash.

Mitigation

As of the publication date (2021-11-10), no official patch has been released for pdf2json v0.71. Users should avoid processing untrusted PDF files with pdf2json until a fix is available. The project appears to be unmaintained; consider using alternative PDF parsing libraries.
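The recursion between XRef::fetch and ObjectStream::ObjectStream described above is re-entrancy that a parser can bound with an in-progress set and a depth limit. The following C++ is an added example, not code from pdf2json or from this CVE's references: `Entry`, `GuardedXRef`, `kMaxDepth` and the sample table are hypothetical, and the cyclic-container shape is an assumption about how such recursion can arise.

```cpp
#include <cstdio>
#include <map>
#include <set>
// Simplified, hypothetical model of a cross-reference table; these are not
// pdf2json's own types or field names.
struct Entry {
    bool compressed;  // true: the object lives inside an object stream
    int  container;   // object number of that stream (used if compressed)
    int  value;       // stand-in for the parsed object (used if not compressed)
};
const int kMaxDepth = 16;  // assumed bound on nested resolution

class GuardedXRef {
public:
    explicit GuardedXRef(const std::map<int, Entry> &t) : table_(t) {}
    // Resolve object `num` into *out. Returns false on a malformed table
    // instead of recursing until the stack is exhausted.
    bool fetch(int num, int *out, int depth = 0) {
        if (depth > kMaxDepth) return false;                // depth bound
        std::map<int, Entry>::const_iterator it = table_.find(num);
        if (it == table_.end()) return false;               // unknown object
        if (!it->second.compressed) { *out = it->second.value; return true; }
        if (!active_.insert(num).second) return false;      // re-entered: cycle
        // Loading the container goes back through fetch(): the edge to guard.
        int stream = 0;
        bool ok = fetch(it->second.container, &stream, depth + 1);
        active_.erase(num);
        if (ok) *out = stream + num;  // stand-in for "extract num from stream"
        return ok;
    }
private:
    std::map<int, Entry> table_;
    std::set<int> active_;  // objects whose resolution is in progress
};

// Constructed sample table (not derived from the advisory's PoC file).
std::map<int, Entry> sampleTable() {
    std::map<int, Entry> t;
    t[1] = Entry{false, 0, 100};  // plain object
    t[2] = Entry{true, 1, 0};     // stored in stream 1
    t[5] = Entry{true, 6, 0};     // 5 and 6 name each other as container
    t[6] = Entry{true, 5, 0};
    return t;
}

int main() {
    GuardedXRef x(sampleTable());
    int a = 0, b = 0;
    std::printf("obj 2 ok=%d, obj 5 ok=%d\n", x.fetch(2, &a), x.fetch(5, &b));
}
```

The in-progress set rejects cycles of any length, while the depth limit also rejects long acyclic chains that would otherwise consume the stack.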

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

2
