Note: This is an old bug post for educational purposes only. It has been fixed in the latest supported versions of ClamAV.
aCaB writes:
Hi,
the "new" pdf parser in git comes with terrible complexity and no limits or mitigations of any sort (in fact not even best practices like bailing out on cli_calloc's failure).
Because of that it's easy to trick pdf_extract_obj into a huge pdf_parse_dict/pdf_parse_array loop, with more heap consumed at each round.
Depending on the available system resources, it's possible to trigger the kernel OOM killer or to make clamd/clamscan crawl for several minutes on a very small file.
[Here is a proof of concept]
poc_sample.pdf
HtH,
-- aCaB
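The report describes a recursive array/dict parser with no nesting cap, no allocation budget and no check on cli_calloc's return value. As an added illustration (not ClamAV's code, and not the parser the report is about), the following is a hypothetical minimal PDF container parser that applies exactly those three mitigations: a depth limit, a per-object allocation budget, and a calloc wrapper whose failure aborts the parse. The names pdf_parse_object, parse_container, ctx_calloc, parse_generated and the limit constants are all assumptions of this example; the nested-array inputs it feeds itself are constructed in-line.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed limits for this example only; they are not ClamAV's constants. */
#define MAX_NEST_DEPTH   32
#define MAX_HEAP_BUDGET  (64u * 1024u)   /* bytes one object may allocate in total */
#define NODE_SIZE        1024u           /* toy cost of one array/dict node */

enum pdf_rc { PDF_OK = 0, PDF_ERR_DEPTH, PDF_ERR_BUDGET, PDF_ERR_ALLOC, PDF_ERR_SYNTAX };

struct parse_ctx {
    const char *p, *end;   /* cursor and end of the object text */
    size_t heap_used;      /* bytes allocated so far for this object */
    int depth;             /* current array/dict nesting */
    unsigned containers;   /* arrays/dicts entered so far */
    enum pdf_rc err;       /* why ctx_calloc refused, if it did */
};

/* calloc wrapper in the spirit of cli_calloc, but every failure is reported, never
 * ignored, and a per-object budget stops heap growth from compounding per round. */
static void *ctx_calloc(struct parse_ctx *c, size_t n, size_t sz)
{
    if (n != 0 && sz > SIZE_MAX / n) { c->err = PDF_ERR_ALLOC; return NULL; }
    size_t total = n * sz;
    if (c->heap_used + total > MAX_HEAP_BUDGET) { c->err = PDF_ERR_BUDGET; return NULL; }
    void *m = calloc(n, sz);
    if (!m) { c->err = PDF_ERR_ALLOC; return NULL; }
    c->heap_used += total;
    return m;
}

static int parse_value(struct parse_ctx *c);

/* Body of "[ ... ]" or "<< ... >>": recurses through parse_value, capped by depth. */
static int parse_container(struct parse_ctx *c, const char *close)
{
    size_t clen = strlen(close);
    int rc = PDF_ERR_SYNTAX;                 /* until the closer is seen */
    if (c->depth >= MAX_NEST_DEPTH) return PDF_ERR_DEPTH;
    void *node = ctx_calloc(c, 1, NODE_SIZE);
    if (!node) return c->err;                /* bail out instead of continuing on NULL */
    c->depth++;
    c->containers++;
    while (c->p < c->end) {
        if (*c->p == ' ' || *c->p == '\n') { c->p++; continue; }
        if ((size_t)(c->end - c->p) >= clen && memcmp(c->p, close, clen) == 0) {
            c->p += clen; rc = PDF_OK; break;
        }
        rc = parse_value(c);
        if (rc != PDF_OK) break;
        rc = PDF_ERR_SYNTAX;                 /* still need the closer */
    }
    free(node);                              /* budget stays charged for this object */
    c->depth--;
    return rc;
}

/* One value: nested array, nested dict, or a plain token. */
static int parse_value(struct parse_ctx *c)
{
    if (c->p >= c->end) return PDF_ERR_SYNTAX;
    if (*c->p == '[') { c->p++; return parse_container(c, "]"); }
    if (c->end - c->p >= 2 && c->p[0] == '<' && c->p[1] == '<') { c->p += 2; return parse_container(c, ">>"); }
    const char *start = c->p;
    while (c->p < c->end && *c->p && !strchr(" \n[]<>", *c->p)) c->p++;
    return c->p == start ? PDF_ERR_SYNTAX : PDF_OK;   /* stray closer: fail rather than spin */
}

/* Parses one object body; returns PDF_OK or the first limit hit, and how many containers were entered. */
int pdf_parse_object(const char *buf, size_t len, unsigned *containers_out)
{
    struct parse_ctx c = { buf, buf + len, 0, 0, 0, PDF_OK };
    int rc = PDF_OK;
    while (c.p < c.end && rc == PDF_OK) {
        if (*c.p == ' ' || *c.p == '\n') { c.p++; continue; }
        rc = parse_value(&c);
    }
    if (containers_out) *containers_out = c.containers;
    return rc;
}

/* Constructed input: `siblings` copies of `nested` nested empty arrays, e.g. "[[[]]] [[[]]] ". */
int parse_generated(unsigned nested, unsigned siblings, unsigned *containers_out)
{
    size_t unit = 2u * nested + 1u, len = unit * siblings;
    char *buf = malloc(len + 1);
    if (!buf) return PDF_ERR_ALLOC;
    for (unsigned s = 0; s < siblings; s++) {
        char *q = buf + s * unit;
        memset(q, '[', nested);
        memset(q + nested, ']', nested);
        q[2 * nested] = ' ';
    }
    buf[len] = '\0';
    int rc = pdf_parse_object(buf, len, containers_out);
    free(buf);
    return rc;
}

int main(void)
{
    unsigned n = 0;
    printf("40 levels deep: rc=%d (PDF_ERR_DEPTH=%d) after %u containers\n", parse_generated(40, 1, &n), PDF_ERR_DEPTH, n);
    printf("70 siblings: rc=%d (PDF_ERR_BUDGET=%d) after %u containers\n", parse_generated(1, 70, &n), PDF_ERR_BUDGET, n);
    return 0;
}
```

The two generated inputs model the two ways the report says a tiny file can grow expensive: nesting, which the depth cap stops at 32 levels, and repetition, which the cumulative budget stops after 64 nodes even though each node is freed on exit. Tuning the real numbers is a matter of measuring legitimate documents; the point is that every allocation and every recursion is accounted for and any refusal ends the parse with an error code instead of being ignored.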