From 1c5220a55e0df63c122ad172debd86763512f09d Mon Sep 17 00:00:00 2001 Subject: [PATCH] Fix CVE-2018-12123 --- .../java/org/apache/pdfbox/pdfparser/COSParser.java | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/COSParser.java b/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/COSParser.java index 524f2f5..751f4f1 100644 --- a/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/COSParser.java +++ b/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/COSParser.java @@ -2239,12 +2239,12 @@ public class COSParser extends BaseParser COSBase pages = root.getDictionaryObject(COSName.PAGES); if (pages instanceof COSDictionary) { - checkPagesDictionary((COSDictionary) pages); + checkPagesDictionary((COSDictionary) pages, new HashSet()); } } } - private int checkPagesDictionary(COSDictionary pagesDict) + private int checkPagesDictionary(COSDictionary pagesDict, Set set) { // check for kids COSBase kids = pagesDict.getDictionaryObject(COSName.KIDS); @@ -2256,6 +2256,11 @@ public class COSParser extends BaseParser for (COSBase kid : kidsList) { COSObject kidObject = (COSObject) kid; + if (set.contains(kidObject)) + { + kidsArray.remove(kid); + continue; + } COSBase kidBaseobject = kidObject.getObject(); // object wasn't dereferenced -> remove it if (kidBaseobject.equals(COSNull.NULL)) @@ -2270,7 +2275,8 @@ public class COSParser extends BaseParser if (COSName.PAGES.equals(type)) { // process nested pages dictionaries - numberOfPages += checkPagesDictionary(kidDictionary); + set.add(kidObject); + numberOfPages += checkPagesDictionary(kidDictionary, set); } else if (COSName.PAGE.equals(type)) { -- 2.23.0