PDF Form Filling and Flattening Tool Buffer Overflow

               Virtual Security Research, LLC.
                      Security Advisory


Advisory Name: PDF Form Filling and Flattening Tool Buffer Overflow
 Release Date: 2006-05-23
  Application: PDF Tools AG - PDF Form Filling and Flattening Tool
      Version: 3.0 (Windows)
               (other versions and platforms untested)
     Severity: High
       Author: George D. Gal <ggal_at_vsecurity.com>
Vendor Status: Vendor Notified, Fix Available
CVE Candidate: CVE-2006-2549

Product Description:

> From the pdf-tools.com website[1]:

 "PDF Tools AG is a world leader in PDF (The Adobe Portable Document Format) programming technology, delivering reliable PDF products to international customers in virtually all market segments."

 "PDF Form Filling and Flattening Tool is a command line tool that can
  create, edit, fill in and delete form fields in a PDF document."

Vulnerability Overview:

On April 18th, 2006 VSR has identified a stack overflow in the PDF Tools AG PDF Form Filling and Flattening tool.  Although this is a traditional 
command line utility there may be a risk to those users of the application 
who use it within web application or a network service, particularly when 
relying on user supplied input to generate the PDF form field name or value pairs.

In situations where user supplied input is used to populate a control file 
of name value pairs without sufficient input validation the form field 
names are susceptible to overflow.  The buffer overflow occurs as a 
direct result of unsafe string copy operations to a 256 byte fixed length 
buffer. The binary is also susceptible to overflows of the PDF form field 
names when specified on the command line instead of within a control file.

The following command may be used to check for the existence of the 
vulnerability in the PDF form filling and flattening tool:

./pdformp.exe input.pdf output.pdf `perl -e 'print "A"x260;'`=foo

Vendor Response:

PDF Tools AG was first notified on 2006-04-19. The following time line 
outlines the responses from the vendor regarding this issue:

 2006-04-20 - Acknowledgment of security notification received from VSR.
              Vendor stated that they only support registered customers
              of the product.
 2006-05-02 - Vendor response acknowledging overflow which will be 
              resolved in the next pre-release version.
 2006-05-10 - Vendor response providing estimated release schedule.
 2006-05-15 - Vendor response notifying VSR of publicly released fix.

PDF Tools AG customers should upgrade to the latest build of the PDF
Form Filling and Flattening tool (build released on
May 10th 2006.

The upgrade is available via:



Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues.  These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.




1. PDF Tools AG Form Filling and Flattening Tool


Vulnerability Disclosure Policy:



Copyright 2006 Virtual Security Research, LLC. All rights reserved.

To view the advisory as a txt. click here.

Editor’s note: This work was originally published by VSR on their website at https://www.vsecurity.com/resources/advisories.htmlVSR is now a part of NCC Group, so we have migrated this content to research.nccgroup.com. The advisory text as above has been copy-pasted to this blog for historical reference.

Call us before you need us.

Our experts will help you.

Get in touch