Vigil@nce - Poppler: denial of service via DCTStream
October 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a PDF document containing a malformed JPEG
image, to generate an error in the DCTStream of Poppler, in order
to trigger a denial of service.
Impacted products: Unix (platform)
Severity: 2/4
Creation date: 18/09/2013
DESCRIPTION OF THE VULNERABILITY
The Poppler software displays PDF documents.
A PDF document can contain a JPEG image. The JPEG compression uses
the DCT (Discrete Cosine Transform) algorithm.
The DCTStream class of Poppler performs the DCT transformation.
However, if the image is malformed, the error is not correctly
propagated.
An attacker can therefore create a PDF document containing a
malformed JPEG image, to generate an error in the DCTStream of
Poppler, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Poppler-denial-of-service-via-DCTStream-13442