Submit #239227: itext7 itext7 8.0.2 out of memory

Title: itext7 itext7 8.0.2 out of memory
Description: com.itextpdf.kernel.pdf.PdfReader - Out Of Memory Error occurred while reading cross reference table.

# Crash stack:

The crash thread's stack is as follows:

```
Exception in thread "main" java.lang.OutOfMemoryError: Java heap space
	at java.base/java.util.Arrays.copyOf(Arrays.java:3720)
	at java.base/java.util.Arrays.copyOf(Arrays.java:3689)
	at java.base/java.util.ArrayList.grow(ArrayList.java:238)
	at java.base/java.util.ArrayList.grow(ArrayList.java:243)
	at java.base/java.util.ArrayList.add(ArrayList.java:486)
	at java.base/java.util.ArrayList.add(ArrayList.java:499)
	at com.itextpdf.kernel.pdf.PdfPagesTree.<init>(PdfPagesTree.java:91)
	at com.itextpdf.kernel.pdf.PdfCatalog.<init>(PdfCatalog.java:125)
	at com.itextpdf.kernel.pdf.PdfDocument.open(PdfDocument.java:1958)
	at com.itextpdf.kernel.pdf.PdfDocument.<init>(PdfDocument.java:259)
	at com.itextpdf.kernel.pdf.PdfDocument.<init>(PdfDocument.java:241)
	at com.test.Entry.main(Entry.java:30)
```

# Steps to reproduce:

1. Build the following Java code with the corresponding itextpdf library. Please note that the version of iText7 used in our reproduction environment is 7.0.12, but the error was discovered in version 8.0.2. We did not modify the version because we wanted to report the error as soon as possible. You can update the version of the reproduction environment to the latest one for verification.

```
## Download reproduce files from https://drive.google.com/drive/folders/1VbAXvpNWGGigLgQJA-4D5XRv8rHMMAut?usp=sharing
cd itext7_env_reproduce
bash build.sh
```

2. Run the built program to see the crash by feeding the poc file from https://drive.google.com/file/d/1_jeD7SvuliKc_02pPTPbfSnqAErzmFny/view?usp=sharing

```
java -jar target/Entry-1.0-SNAPSHOT-jar-with-dependencies.jar /poc/OutOfMemoryError-4fa24c63008cf0716e08a6447278e65274c9c4a8
```
Source: https://drive.google.com/file/d/1_jeD7SvuliKc_02pPTPbfSnqAErzmFny/view?usp=sharing
User: Anonymous User
Submission: 16.11.2023 03:39 (3 years ago)
Moderation: 26.11.2023 08:28 (10 days later)
Status: Accepted
VulDB entry: 246125 [Apryse iText 8.0.1 Reference Table PdfDocument.java Denial of Service]
Points: 20
