CVE-2017-18267 in Poppler

Summary

by MITRE

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.


Analysis

by VulDB Data Team • 05/26/2020

CVE-2017-18267 is a critical denial-of-service flaw in the Poppler PDF rendering library, affecting versions through 0.64.0. The issue lies in the FoFiType1C::cvtGlyph function in the fofi/FoFiType1C.cc source file, where improper handling of malformed PDF content can lead to infinite recursion while Type1C font data is processed. The flaw can be triggered remotely through crafted PDF files, which makes it exploitable in real-world scenarios including web browsing, email attachments, and document processing systems.

The flaw stems from insufficient input validation and recursive function handling within Poppler's font processing subsystem. When FoFiType1C::cvtGlyph encounters malformed Type1C font data in a PDF file, it fails to terminate its recursive calls, and the resulting infinite recursion consumes system resources until the application becomes unresponsive. This violates the principle of bounded execution and proper error handling that any robust software system should implement. The vulnerability is classified under CWE-674, "Uncontrolled Recursion," and aligns with ATT&CK technique T1499.004 for resource exhaustion attacks. The infinite recursion occurs during conversion, when the pdftops utility processes the malicious PDF content, which makes the flaw particularly dangerous for any system that relies on Poppler for PDF rendering.

The operational impact of CVE-2017-18267 extends beyond simple service disruption, because the flaw can be used to create resource exhaustion conditions that affect system availability and performance. When exploited, it lets attackers consume excessive CPU cycles and memory, potentially crashing the system or making it unavailable to legitimate users. The flaw affects not only individual applications but also entire systems that depend on Poppler for PDF processing, including web servers, document management systems, and security scanning tools. Organizations using Poppler in production face a substantial risk of denial-of-service attacks that could compromise service availability and impact business operations.

The vulnerability demonstrates a fundamental weakness in the library's defensive programming practices and highlights the importance of recursion limits and input validation. Security practitioners should treat it as part of the broader set of denial-of-service attack vectors and ensure that their systems include monitoring and rate-limiting controls to detect and prevent exploitation attempts. Remediation requires updating to a Poppler version that contains the patch for the infinite recursion, together with defensive measures such as input sanitization and resource monitoring to limit the impact on systems that are still unpatched.
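The resource limits mentioned above for systems that cannot yet be patched can be put around the converter itself. The following shell sketch is an added example, not part of the VulDB entry or of Poppler; the function names, the MAX_* variables and the limit values are assumptions, and it assumes GNU coreutils timeout and Linux x86-64 signal numbers.

```shell
#!/bin/sh
# Added example: run a PDF converter such as pdftops under hard limits so that
# runaway recursion ends in a bounded failure the caller can classify.

# Map a wait status to a verdict the calling service can act on.
classify_status() {
    case "$1" in
        0)   echo ok ;;
        124) echo timeout ;;        # GNU timeout: wall-clock limit expired
        137) echo killed ;;         # SIGKILL: timeout -k escalation or OOM killer
        139) echo crash-sigsegv ;;  # 128+11, typical of stack exhaustion
        152) echo cpu-limit ;;      # 128+24, SIGXCPU raised by ulimit -t
        *)   if [ "$1" -gt 128 ]; then echo "killed-signal-$(( $1 - 128 ))"
             else echo "error-$1"; fi ;;
    esac
}

# bounded_run WALL_SECONDS CMD [ARGS...]: run CMD under limits, return its status.
bounded_run() {
    wall=$1; shift
    rc=0
    (
        # A request above an inherited hard limit is refused; the stricter
        # inherited limit then stays in force, so that failure is ignored.
        ulimit -t "${MAX_CPU_S:-20}"      2>/dev/null || true  # CPU seconds
        ulimit -v "${MAX_VM_KB:-1048576}" 2>/dev/null || true  # address space, KiB
        ulimit -s "${MAX_STACK_KB:-8192}" 2>/dev/null || true  # finite stack, KiB
        ulimit -c 0                       2>/dev/null || true  # no core dumps
        exec timeout -k 2 "$wall" "$@"
    ) || rc=$?
    return "$rc"
}

# convert_pdf IN.pdf OUT.ps: print a verdict for one untrusted input.
# Anything other than "ok" should be quarantined rather than retried.
convert_pdf() {
    st=0
    bounded_run "${MAX_WALL_S:-30}" pdftops "$1" "$2" >/dev/null 2>&1 || st=$?
    classify_status "$st"
}

if [ "$#" -eq 2 ]; then
    convert_pdf "$1" "$2"
fi
```

The finite stack limit matters most here: with an unlimited stack, unbounded recursion keeps consuming memory instead of failing quickly with SIGSEGV.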

Reservation

05/10/2018

Disclosure

05/10/2018

Moderation

accepted

CPE

ready

EPSS

0.00274

KEV

no

Activities

very low
