CVE-2019-14934
📋 TL;DR
This vulnerability in PDFResurrect allows attackers to trigger a malloc failure and out-of-bounds write by providing a malicious PDF file with an invalid size value. This could lead to arbitrary code execution or denial of service. Anyone using PDFResurrect versions before 0.18 to process untrusted PDF files is affected.
💻 Affected Systems
- PDFResurrect
📦 What is this software?
Fedora by Fedoraproject
Pdfresurrect by Pdfresurrect Project
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the PDFResurrect process, potentially leading to full system compromise.
Likely Case
Denial of service (application crash) or limited memory corruption leading to unstable behavior.
If Mitigated
If proper input validation and sandboxing are in place, impact is limited to application crash.
🎯 Exploit Status
Exploitation requires crafting a malicious PDF file that triggers the size validation issue.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.18
Vendor Advisory: https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6
Restart Required: No
Instructions:
1. Update PDFResurrect to version 0.18 or later.
2. For Debian systems: apt-get update && apt-get install pdfresurrect
3. For Fedora systems: dnf update pdfresurrect
4. For source installation: git clone https://github.com/enferex/pdfresurrect.git, check out v0.18 or later, then compile and install.
🔧 Temporary Workarounds
Disable PDFResurrect processing
Linux: Temporarily disable or remove PDFResurrect from systems until patched.
sudo apt-get remove pdfresurrect
sudo dnf remove pdfresurrect
Restrict PDF file sources
All platforms: Only allow PDFResurrect to process PDF files from trusted sources.
🧯 If You Can't Patch
- Implement strict input validation for PDF files before processing with PDFResurrect.
- Run PDFResurrect in a sandboxed environment with limited privileges.
🔍 How to Verify
Check if Vulnerable:
Check the PDFResurrect version with pdfresurrect --version. If the version is below 0.18, the system is vulnerable.
Check Version:
pdfresurrect --version
Verify Fix Applied:
After the update, run pdfresurrect --version and confirm the version is 0.18 or higher.
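An added version check, not part of this advisory or of the pdfresurrect project: it parses the tool's version output (assumed to contain a dotted version such as "pdfresurrect 0.17"; the exact output format is an assumption) and compares it numerically against 0.18, so that a release like 0.9 is not mistaken for a fixed one by a plain string comparison.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

# CVE-2019-14934 is fixed in pdfresurrect 0.18 (per the advisory above).
FIXED_VERSION = (0, 18)


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the first dotted version number from tool output.

    The output format of `pdfresurrect --version` is an assumption here;
    any line containing something like 'pdfresurrect 0.17' or
    'version 0.18.1' is accepted. Returns None when no version is found.
    """
    match = re.search(r"(\d+(?:\.\d+)+)", text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version: Tuple[int, ...]) -> bool:
    """True when the installed version is below the fixed version.

    Tuple comparison is numeric per component, so (0, 9) < (0, 18) and
    (0, 18, 1) >= (0, 18). A string comparison would rank '0.9' above
    '0.18' and wrongly report a vulnerable install as fixed.
    """
    return version < FIXED_VERSION


def check_installed() -> Optional[bool]:
    """Run `pdfresurrect --version` on this host.

    Returns True/False for vulnerable/fixed, or None when the binary is
    not installed or its output could not be parsed.
    """
    exe = shutil.which("pdfresurrect")
    if exe is None:
        return None
    proc = subprocess.run([exe, "--version"], capture_output=True, text=True)
    version = parse_version(proc.stdout + proc.stderr)
    return None if version is None else is_vulnerable(version)


if __name__ == "__main__":
    state = check_installed()
    print({None: "pdfresurrect not found or version unparsable",
           True: "VULNERABLE: update to 0.18 or later",
           False: "OK: fixed version installed"}[state])
```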
📡 Detection & Monitoring
Log Indicators:
- Application crashes of PDFResurrect
- Memory allocation failures in system logs
- Segmentation fault errors
Network Indicators:
- Unusual PDF file downloads to systems running PDFResurrect
SIEM Query:
source="*pdfresurrect*" AND ("segmentation fault" OR "malloc" OR "crash")
🔗 References
- https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6
- https://github.com/enferex/pdfresurrect/compare/v0.17...v0.18
- https://lists.debian.org/debian-lts-announce/2020/12/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DBYXYU2VSDJ3NAL54IW2KYD3TZSR33M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXN6W5QTNQJ2LFDCQWKYSMMZ3NPUWP3U/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y243C2IFMRFQWHV62JCSHTMQGDDCICNF/