5 matches found
CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
UBUNTU-CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
CVE-2026-44348
PoDoFo 1.0.0 through before 1.0.4 contains a double‑free in compute_hash_to_sign() (OpenSSLInternal_Ripped.cpp). If EVP_DigestFinal fails after buf has already been freed, the Error path frees buf a second time, causing heap corruption. A fix is available in 1.0.4. Affected installations should u...
CVE-2026-44348 PoDoFo: Double-free vulnerability in compute_hash_to_sign()
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
AZL-13301 CVE-2023-0215 affecting package cloud-hypervisor for versions less than 30.0-2
The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...