NULL Pointer Dereference in crop_page function of PoDoFo 0.9.6

NULL Pointer Dereference in crop_page function of PoDoFo 0.9.6

CVE-2018-20751 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.

Learn more about our Web Application Penetration Testing UK.