Login Sign Up

CVE-2020-23872

7.5 HIGH
Denial of Service

📋 TL;DR

CVE-2020-23872 is a NULL pointer dereference vulnerability in pdf2xml v2.0 that allows attackers to cause a denial of service (DoS) by crashing the application. This affects systems running pdf2xml v2.0 when processing malicious PDF files. Users and applications that convert PDF files to XML using this software are vulnerable.

💻 Affected Systems

Products:
  • pdf2xml
Versions: Version 2.0
Operating Systems: All operating systems where pdf2xml runs
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration when processing PDF files through the TextPage::restoreState function.

📦 What is this software?

Pdf2xml by Science Miner

View all CVEs affecting Pdf2xml →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete application crash leading to denial of service, potentially disrupting PDF processing workflows and dependent systems.

🟠

Likely Case

Application crash when processing specially crafted PDF files, requiring manual restart of the pdf2xml process.

🟢

If Mitigated

Minimal impact if proper input validation and error handling are implemented, with the application gracefully handling malformed files.

🌐 Internet-Facing: MEDIUM - Exploitation requires attackers to supply malicious PDF files, which could occur through file upload features or automated processing systems.
🏢 Internal Only: MEDIUM - Internal users or automated systems could trigger the vulnerability by processing malicious PDF files, potentially disrupting internal workflows.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept code is publicly available, making exploitation straightforward for attackers with access to malicious PDF files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check upstream repository for fixes

Vendor Advisory: https://github.com/kermitt2/pdf2xml/issues/10

Restart Required: Yes

Instructions:

1. Check the upstream GitHub repository for patches. 2. Apply available fixes or update to a patched version. 3. Restart any services using pdf2xml.

🔧 Temporary Workarounds

Input validation and sanitization

all

Implement strict input validation for PDF files before processing with pdf2xml

Process isolation

linux

Run pdf2xml in isolated containers or sandboxes to limit impact of crashes

docker run --rm -v $(pwd):/data pdf2xml

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to pdf2xml services
  • Monitor for application crashes and implement automatic restart mechanisms

🔍 How to Verify

Check if Vulnerable:

Check if pdf2xml version 2.0 is installed and being used for PDF processing

Check Version:

pdf2xml --version or check installation directory for version information

Verify Fix Applied:

Test with known malicious PDF files from PoC repositories to ensure application doesn't crash

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs
  • Segmentation fault errors
  • Unexpected process termination

Network Indicators:

  • Unusual PDF file uploads to systems using pdf2xml

SIEM Query:

source="application.log" AND ("segmentation fault" OR "null pointer" OR "pdf2xml crash")

📊 Metadata

CVE ID: CVE-2020-23872
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
Published: November 10, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-23872, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)
CVE-2023-47003 9.8

A NULL pointer dereference vulnerability in RedisGraph allows attackers to execute arbitrary code or...

Same vulnerability type (CWE-476)