J-Security Center

Title: Haru Free PDF Library HPDF_Page_Circle Buffer Overflow Vulnerability

Severity: MODERATE

Description:

The Haru Free PDF Library is a freely available, cross-platform library designed to create PDF files programmatically.

This library is prone to a buffer-overflow vulnerability because it fails to perform proper boundary checks of user-supplied input before copying it to an insufficiently sized memory buffer.

Specifically, the 'HPDF_Page_Circle()' function in the 'hpdf_page_operator.c' source file fails to sufficiently sanitize user-supplied input. A statically allocated buffer of 256 bytes may be overrun when the affected function parses a malformed circle object.

Successfully exploiting this issue may result in crashing applications that use the library. Due to the nature of this issue, code execution may also be possible, but this has not been confirmed.

Haru Free PDF Library 2.0.7 and prior versions are vulnerable to this issue.
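
The defensive pattern for this class of bug, as an added example (not the library's code or its fix): a hypothetical `emit_circle()` formats a circle's path operators into a 256-byte buffer through a bounded `append()` helper that reports an error instead of writing past the end. The operator layout (one moveto and four Bezier curves), the two-decimal number format and all names here are assumptions for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

#define TMP_BUF_SIZ 256          /* buffer size quoted in the advisory */
#define KAPPA 0.552284749f       /* Bezier control offset for a quarter circle */
#define CURVE "%.2f %.2f %.2f %.2f %.2f %.2f c\n"

/* Append formatted text at *off. Returns 0, or -1 if it would not fit. */
static int append(char *buf, size_t cap, size_t *off, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + *off, cap - *off, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap - *off)
        return -1;               /* output truncated: refuse, never overrun */
    *off += (size_t)n;
    return 0;
}

/* Hypothetical emitter: returns bytes written, or -1 if buf is too small. */
int emit_circle(char *buf, size_t cap, float x, float y, float r)
{
    size_t off = 0;
    float k = r * KAPPA;
    if (cap == 0) return -1;
    buf[0] = '\0';
    if (append(buf, cap, &off, "%.2f %.2f m\n", x - r, y) ||
        append(buf, cap, &off, CURVE, x - r, y + k, x - k, y + r, x, y + r) ||
        append(buf, cap, &off, CURVE, x + k, y + r, x + r, y + k, x + r, y) ||
        append(buf, cap, &off, CURVE, x + r, y - k, x + k, y - r, x, y - r) ||
        append(buf, cap, &off, CURVE, x - k, y - r, x - r, y - k, x - r, y))
        return -1;
    return (int)off;
}

int main(void)
{
    char buf[TMP_BUF_SIZ];
    /* Constructed inputs: an ordinary circle, then extreme coordinates. */
    printf("ordinary: %d\n", emit_circle(buf, sizeof buf, 100.0f, 100.0f, 50.0f));
    printf("extreme:  %d\n", emit_circle(buf, sizeof buf, 1e30f, 1e30f, 1e30f));
    return 0;
}
```

Twenty-six formatted numbers share the buffer, so the space needed depends on the magnitude of the caller's coordinates; the bounded helper turns an oversized request into an error the caller can handle.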

Affected Products:

  • Takeshi Kanno Haru Free PDF Library 2.0.0
  • Takeshi Kanno Haru Free PDF Library 2.0.1
  • Takeshi Kanno Haru Free PDF Library 2.0.2
  • Takeshi Kanno Haru Free PDF Library 2.0.3
  • Takeshi Kanno Haru Free PDF Library 2.0.4
  • Takeshi Kanno Haru Free PDF Library 2.0.5
  • Takeshi Kanno Haru Free PDF Library 2.0.6
  • Takeshi Kanno Haru Free PDF Library 2.0.7
