CVE-2024-28699
📋 TL;DR
A buffer overflow vulnerability in pdf2json v0.70 allows local attackers to execute arbitrary code by exploiting the GString::copy() and ImgOutputDev::ImgOutputDev functions. This affects systems running the vulnerable pdf2json software, potentially allowing privilege escalation or local code execution. The vulnerability requires local access to the system.
💻 Affected Systems
- pdf2json
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through arbitrary code execution with the privileges of the pdf2json process, potentially leading to privilege escalation to root/admin.
Likely Case
Local privilege escalation or execution of malicious code within the context of the pdf2json process.
If Mitigated
Limited impact if pdf2json runs with minimal privileges and proper sandboxing/isolation.
🎯 Exploit Status
Exploitation requires local access and crafting of malicious PDF files. The vulnerability is in specific functions that handle string copying and image output device initialization.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check GitHub repository for latest version (v0.71 or later expected to fix)
Vendor Advisory: https://github.com/flexpaper/pdf2json/issues/52
Restart Required: No
Instructions:
1. Check current version with 'pdf2json --version' or similar.
2. Update to latest version from GitHub repository.
3. Recompile if using source code.
4. Replace existing binary with patched version.
🔧 Temporary Workarounds
Restrict PDF processing
Platform: all. Limit pdf2json usage to trusted PDF files only and implement input validation
Run with minimal privileges
Platform: linux. Execute pdf2json with lowest possible user privileges to limit impact
sudo -u lowprivilegeuser pdf2json [options]
🧯 If You Can't Patch
- Remove or disable pdf2json if not essential
- Implement strict access controls and monitor for suspicious PDF processing
🔍 How to Verify
Check if Vulnerable:
Check if pdf2json version 0.70 is installed: 'pdf2json --version' or check package manager
Check Version:
pdf2json --version
Verify Fix Applied:
Verify updated to version later than 0.70: 'pdf2json --version' should show v0.71 or higher
📡 Detection & Monitoring
Log Indicators:
- Process crashes of pdf2json
- Unusual PDF file processing patterns
- Memory access violation errors
Network Indicators:
- N/A - local vulnerability
SIEM Query:
Process:pdf2json AND (EventID:1000 OR ExceptionCode:c0000005)
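The SIEM query above, written out as detection logic and extended to Linux kernel segfault lines so that one pass covers both platforms. This is an added example, not code from this page or from the pdf2json project; the record field names (Host, Process, EventID, ExceptionCode), the syslog layout and all sample data are assumptions constructed for illustration.

```python
import re
from collections import Counter

APP_ERROR_EVENT_ID = 1000        # EventID from the page's SIEM query
ACCESS_VIOLATION = "c0000005"    # ExceptionCode from the page's SIEM query
# Linux kernel segfault line for pdf2json (syslog layout is an assumption)
SEGFAULT_RE = re.compile(r"(?P<host>\S+) kernel: .*?\bpdf2json\[\d+\]: segfault at ")

# Constructed sample data, not real telemetry; field names are assumptions.
SAMPLE_EVENTS = [
    {"Host": "ws-01", "Process": r"C:\tools\pdf2json.exe", "EventID": 1000, "ExceptionCode": "c0000005"},
    {"Host": "ws-01", "Process": "pdf2json.exe", "EventID": 4688, "ExceptionCode": None},
    {"Host": "ws-02", "Process": "notepad.exe", "EventID": 1000, "ExceptionCode": "c0000005"},
    {"Host": "ws-03", "Process": "PDF2JSON.EXE", "EventID": 1001, "ExceptionCode": "0xC0000005"},
]
SAMPLE_SYSLOG = [
    "Mar  3 10:15:02 lin-01 kernel: [ 9912.1] pdf2json[2211]: segfault at 0 ip 0000000000401a2c sp 00007ffc1f0 error 4 in pdf2json[400000+9a000]",
    "Mar  3 10:15:09 lin-01 kernel: [ 9919.4] pdf2json[2230]: segfault at 10 ip 0000000000401a2c sp 00007ffc2a0 error 4 in pdf2json[400000+9a000]",
    "Mar  3 10:16:40 lin-02 kernel: [  120.7] convert[881]: segfault at 0 ip 00007f11 sp 00007ffd error 4 in libc.so.6",
]

def _process_name(path):
    # Reduce a path such as C:\tools\pdf2json.exe to "pdf2json"
    base = re.split(r"[\\/]", path or "")[-1].lower()
    return base[:-4] if base.endswith(".exe") else base

def _exception_code(code):
    # Accept both "c0000005" and "0xC0000005"
    code = (code or "").lower()
    return code[2:] if code.startswith("0x") else code

def windows_match(event):
    """Process:pdf2json AND (EventID:1000 OR ExceptionCode:c0000005)."""
    if _process_name(event.get("Process")) != "pdf2json":
        return False
    return (event.get("EventID") == APP_ERROR_EVENT_ID
            or _exception_code(event.get("ExceptionCode")) == ACCESS_VIOLATION)

def crashes_by_host(events, syslog_lines):
    """Count pdf2json crash records per host across both sources."""
    hits = Counter(e["Host"] for e in events if windows_match(e))
    for line in syslog_lines:
        m = SEGFAULT_RE.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits

def repeat_crashers(hits, threshold=2):
    """Hosts with repeated crashes, which merit a look at the PDFs they processed."""
    return sorted(h for h, n in hits.items() if n >= threshold)
```

A single crash can be a malformed file; repeated crashes on one host are the stronger signal, so `repeat_crashers` is the list to triage first.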