CVE-2020-36024 - Exploiting the freedesktop Poppler Denial of Service Vulnerability in Version 20.12.1

A vulnerability (CVE-2020-36024) has been discovered in a popular open-source PDF rendering library, freedesktop Poppler, that could be exploited by remote attackers to cause a Denial of Service (DoS) attack. This post will focus on the details of this vulnerability, how it can be exploited, and steps that can be taken to mitigate the risk. We will also include code snippets, links to the original references, and explanation of the exploit.

Background

freedesktop Poppler is an open-source PDF rendering library used by various applications to display and interact with PDF files. It serves as the basis for several well-known applications, including Evince, Okular, and pdftohtml, where it's responsible for converting PDF files to various output formats.

The Vulnerability (CVE-2020-36024)

The vulnerability in Poppler version 20.12.1 (CVE-2020-36024) allows remote attackers to cause a denial of service (DoS) via a carefully crafted PDF file that is passed to the FoFiType1C::convertToType1 function. When Poppler processes a PDF file, it may unknowingly parse the crafted PDF and trigger a memory corruption issue, ultimately resulting in a crash and DoS.

Exploiting the Vulnerability

To exploit this vulnerability, an attacker must first create a malicious PDF file that is structured in a way that triggers the memory corruption when Poppler processes it. The attacker then merely needs to send this PDF file to their target, either via email or as a downloadable link on a website. When the victim opens the PDF file with an application that uses Poppler, their application will crash, leading to a DoS.

Code Snippet

This code snippet demonstrates the part of the Poppler library that is vulnerable. The specific function involved is FoFiType1C::convertToType1:

...
void FoFiType1C::convertToType1(char *psName, GBool needUniqueID, FoFiOutputFunc outputFunc, void *outputStream) {
...
// Convert the CID-keyed Type  font to a Type 1 font.
...
}

For a full view of the source code, please refer to the freedesktop Poppler repository on GitLab: https://gitlab.freedesktop.org/poppler/poppler/

More details about this vulnerability can be found in the following references

- CVE Details: https://www.cvedetails.com/cve/CVE-2020-36024
- NIST National Vulnerability Database (NVD): https://nvd.nist.gov/vuln/detail/CVE-2020-36024

Mitigation Steps

To protect against this vulnerability, users should update their freedesktop Poppler libraries to a version higher than 20.12.1. As of now, the latest stable version is 21.08.. Updating the library can typically be done by running a command such as (depending on the package manager used):

sudo apt-get update && sudo apt-get upgrade

or

sudo yum update poppler

Conclusion

The CVE-2020-36024 vulnerability in the freedesktop Poppler library highlights the importance of staying up-to-date with the latest security patches for all software components used in an application. Timely patching, combined with proper security hygiene and awareness, can help minimize the impact of potential attacks, keeping users and systems safe from cyber threats like denial of service attacks and other associated risks.

Timeline

Published on: 08/11/2023 14:15:00 UTC
Last modified on: 08/17/2023 02:09:00 UTC