Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:577
HistoryNov 28, 2006 - 12:00 a.m.

Haru Free PDF Library HPDF_Page_Circle缓冲区溢出漏洞

2006-11-2800:00:00
Root
www.seebug.org
31
JSON

HARU是一款免费的的跨平台函数库,用于生成PDF。

HARU在处理畸形的PDF数据时存在漏洞,远程攻击者可能利用此漏洞导致HARU崩溃。

HARU的hpdf_page_operator.c文件中HPDF_Page_Circle函数所使用的缓冲区char buf[HPDF_TMP_BUF_SIZ]没有正确地验证用户输入。如果用户受骗打开了特制的PDF文件的话,就可能触发缓冲区溢出,导致拒绝服务。

Takeshi Kanno Kanno Haru Free PDF Library <= 2.0.7
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://downloads.sourceforge.net/libharu/libharu_2_0_8.tgz?modtime=1164290689&amp;big_mirror=0” target=“_blank”>http://downloads.sourceforge.net/libharu/libharu_2_0_8.tgz?modtime=1164290689&amp;big_mirror=0</a>


                                                创建以下PDF文件:

273.43738 735.40338 m
273.43738 736.73358 274.51694 737.81317 275.84714 737.81317 c
277.17734 737.81317 278.2569 736.73358 278.2569 735.40338 c
278.2569 734.07318 277.17734 732.99359 275.84714 732.99359
JSON