This repository contains docker images for Xpdf version 4.04, which is vulnerable to CVE-2022-30524.
This repository contains the image in 3 flavours:
- bullseye/gcc: Debian "bullseye", built with gcc
- bullseye/afl: Debian "bullseye", built with afl-clang-fast++ (debug profile)
- focal/afl: Ubuntu 20.04 LTS (Focal Fossa), built with afl-clang-fast++ (debug profile)
Flavours that are just aliases to other flavours:
- bullseye → bullseye/gcc
Their Dockerfile are present in their respective directories in dockerfiles/
directory.
The repository is packaged with a Makefile for easier building of
the images. To build any image, run the following command:
make '<flavor-name>'
# Eg. if building the focal/afl profile
make focal/afl
# If you want to build all the images
makeThis will generate a Docker image interiit/xpdf:4.04-<flavor>. Running just
make builds all the images.
The repository contains the vulnerable version of Xpdf, as well as a few sample
PDF files. The pdftotext binary should work on pdfs/dummy.pdf,
but should abruptly give segmentation fault on pdfs/poc1.
To make sure that the files are not corrupted/altered, run make check. If the
command errors, it might mean that the files may be corrupted.