Xpdf 4.02 NULL Pointer Dereference

Credit: Mishra Dhiraj
Risk: High
Local: Yes
Remote: No
CWE: CWE-476

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

# Exploit Title: NULL pointer dereference
# Exploit Author: Dhiraj Mishra
# Vendor Homepage: https://www.xpdfreader.com/
# Software Link: https://www.xpdfreader.com/download.html
# CVE: CVE-2019-17064
# References:
# https://nvd.nist.gov/vuln/detail/CVE-2019-17064
# https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890

*Summary:*
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. When the constructor bails out on a malformed document before that member is assigned, the destructor that PDFDoc::setup2 runs to discard the half-built catalog (frames #0 and #1 below) dereferences the unset pointer, so any tool built on the library (here pdfdetach) crashes on open.

*BT:*
#0 0x00005555556d1dce in Catalog::~Catalog (this=<optimized out>, __in_chrg=<optimized out>) at /home/input0/Desktop/xpdf-4.02/xpdf/Catalog.cc:295
#1 0x0000555555a1b1d1 in PDFDoc::setup2 (repairXRef=0, userPassword=0x0, ownerPassword=0x0, this=0x607000000090) at /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:312
#2 PDFDoc::setup (this=0x607000000090, ownerPassword=0x0, userPassword=0x0) at /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:261
#3 0x0000555555a1bb84 in PDFDoc::PDFDoc (this=0x607000000090, fileNameA=<optimized out>, ownerPassword=<optimized out>, userPassword=<optimized out>, coreA=<optimized out>) at /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:208
#4 0x0000555555674ffb in main (argc=<optimized out>, argv=<optimized out>) at /home/input0/Desktop/xpdf-4.02/xpdf/pdfdetach.cc:119

*ASAN:*
==28603==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55d7a4eaadce bp 0x6070000000dc sp 0x7ffc6078b640 T0)
==28603==The signal is caused by a READ memory access.
==28603==Hint: address points to the zero page.
#0 0x55d7a4eaadcd in Catalog::~Catalog() /home/input0/Desktop/xpdf-4.02/xpdf/Catalog.cc:295
#1 0x55d7a51f41d0 in PDFDoc::setup2(GString*, GString*, int) /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:312
#2 0x55d7a51f41d0 in PDFDoc::setup(GString*, GString*) /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:261
#3 0x55d7a51f4b83 in PDFDoc::PDFDoc(char*, GString*, GString*, PDFCore*) /home/input0/Desktop/xpdf-4.02/xpdf/PDFDoc.cc:208
#4 0x55d7a4e4dffa in main /home/input0/Desktop/xpdf-4.02/xpdf/pdfdetach.cc:119
#5 0x7fd635ac1b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#6 0x55d7a4e50579 in _start (/home/input0/Desktop/xpdf-4.02/build/xpdf/pdfdetach+0x123579)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/input0/Desktop/xpdf-4.02/xpdf/Catalog.cc:295 in Catalog::~Catalog()
==28603==ABORTING

*To reproduce:*
pdfdetach -list $POC

