CVE-2020-23879

7.5 HIGH

📋 TL;DR

CVE-2020-23879 is a NULL pointer dereference vulnerability in pdf2json v0.71 that can cause denial of service (DoS) through application crashes. This affects any system or application using the vulnerable pdf2json library to parse PDF files. Attackers can exploit this by providing specially crafted PDF files to trigger the crash.

💻 Affected Systems

Products:
  • pdf2json
Versions: Version 0.71 specifically
Operating Systems: All platforms running pdf2json
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or service using pdf2json v0.71 for PDF parsing is vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service through application crash, potentially disrupting PDF processing services and causing system instability.

🟠 Likely Case

Application crash when processing malicious PDF files, leading to service interruption and potential data loss in processing queues.

🟢 If Mitigated

Application restart required after crash, with potential loss of in-process PDF conversions but no remote code execution.

🌐 Internet-Facing: HIGH if PDF upload/processing is exposed to untrusted users, as exploitation requires only PDF file submission.
🏢 Internal Only: MEDIUM if internal users can upload PDFs, but lower than internet-facing due to reduced attack surface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available on GitHub showing crash trigger. Exploitation requires only PDF file submission to vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 0.71 (check latest release)

Vendor Advisory: https://github.com/flexpaper/pdf2json/issues/44

Restart Required: Yes

Instructions:

1. Check current pdf2json version.
2. Update to latest version from GitHub repository.
3. Rebuild and redeploy any applications using pdf2json.
4. Restart affected services.

🔧 Temporary Workarounds

Input validation and sanitization (all platforms)

Implement strict PDF file validation before passing files to the pdf2json parser.

Process isolation (Linux)

Run pdf2json in isolated containers or processes with automatic restart on crash:

docker run --restart=always [your_pdf2json_container]

🧯 If You Can't Patch

  • Implement strict file upload restrictions and PDF validation before processing
  • Deploy monitoring and automatic restart mechanisms for pdf2json processes
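
An added example (not from this page or the pdf2json project) of the process-isolation and monitoring workarounds above: each conversion runs in its own child process, and a child killed by SIGSEGV is reported as a crash while the rest of the queue continues. The converter command line is passed in as `argv` because the page does not give one; the demo jobs are constructed stand-ins for the converter.

```python
import signal
import subprocess
import sys
from dataclasses import dataclass

@dataclass
class Result:
    job: str
    status: str  # "ok" | "error" | "crash" | "timeout"
    detail: str

def fatal_signal(returncode):
    """Name of the signal that killed the child, or None for a normal exit."""
    # subprocess reports death by signal N as -N; a shell or `docker run`
    # in between reports it as exit status 128+N (139 for SIGSEGV).
    num = -returncode if returncode < 0 else returncode - 128
    if not 0 < num <= 64:
        return None
    try:
        return signal.Signals(num).name
    except ValueError:
        return f"signal {num}"

def run_isolated(job, argv, timeout_s=30):
    """Run one conversion in its own process and classify how it ended."""
    try:
        proc = subprocess.run(argv, stdin=subprocess.DEVNULL,
                              capture_output=True, timeout=timeout_s)
    except subprocess.TimeoutExpired:
        return Result(job, "timeout", f"no exit after {timeout_s}s")
    sig = fatal_signal(proc.returncode)
    if sig:
        return Result(job, "crash", sig)  # quarantine this input and alert
    if proc.returncode != 0:
        return Result(job, "error", f"exit code {proc.returncode}")
    return Result(job, "ok", "")

def process_queue(jobs, timeout_s=30):
    """Convert every job; a crash on one file does not stop the rest."""
    return [run_isolated(name, argv, timeout_s) for name, argv in jobs]

# Constructed stand-ins for the converter, so this runs without pdf2json.
PY = sys.executable
DEMO_JOBS = [("good.pdf", [PY, "-c", "pass"]),
             ("crafted.pdf", [PY, "-c", "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"]),
             ("next.pdf", [PY, "-c", "pass"])]

if __name__ == "__main__":
    print(*process_queue(DEMO_JOBS), sep="\n")
```

Inputs that come back with status "crash" are the ones to quarantine and count toward the crash indicators listed under Detection & Monitoring.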

🔍 How to Verify

Check if Vulnerable:

Check if pdf2json version is 0.71: 'pdf2json --version' or check package/installation version

Check Version:

pdf2json --version 2>&1 | grep -i version

Verify Fix Applied:

Test with known malicious PDF from PoC repository after update - application should not crash

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs
  • Segmentation fault errors
  • Unexpected process termination

Network Indicators:

  • Multiple PDF uploads followed by service interruption
  • Failed PDF processing requests

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "null pointer" OR "pdf2json crash")
