Lucene search
GoogleOSV:CVE-2023-31566HistoryMay 10, 2023 - 4:15 p.m.
CVE-2023-31566
2023-05-1016:15:12
Google
osv.dev
2
podofo
v0.10.0
heap-use-after-free
pdfencrypt
ismetadataencrypted
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.3%
Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
| CPE | Name | Operator | Version |
|---|---|---|---|
| podofo | eq | 0.10.0-rc2 | |
| podofo | eq | 0.10.0 | |
| podofo | eq | PoDoFo-next | |
| podofo | eq | 0.10.0-rc1 |
References
Related
debiancve
debiancve
CVE-2023-31566
2023-05-10 16:15:12
alpinelinux
alpinelinux
CVE-2023-31566
2023-05-10 16:15:00
prion
prion
Heap overflow
2023-05-10 16:15:00
ubuntucve
ubuntucve
CVE-2023-31566
2023-05-10 00:00:00
nvd
nvd
CVE-2023-31566
2023-05-10 16:15:12
cve
cve
CVE-2023-31566
2023-05-10 16:15:12
cvelist
cvelist
CVE-2023-31566
2023-05-10 00:00:00
veracode
veracode
Use After Free
2023-05-21 08:39:18
nessus
nessus
GLSA-202405-33 : PoDoFo: Multiple Vulnerabilities
2024-05-12 00:00:00
gentoo
gentoo
PoDoFo: Multiple Vulnerabilities
2024-05-12 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.3%
Related for OSV:CVE-2023-31566