Security update for podofo

This update for podofo fixes the following issues: fixed a free-after-use in PdfTokenizer bsc1249105 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your produc...

SUSE-SU-2025:03533-1 Security update for podofo

This update for podofo fixes the following issues: - fixed a free-after-use in PdfTokenizer bsc1249105...

EUVD-2025-25714

Malicious code in bioql PyPI...

PT-2025-40287

Name of the Vulnerable Software and Affected Versions podofo versions 0.10.0 through 0.10.5 Description A heap-use-after-free issue exists in the PdfTokenizer::ReadDictionary function. This allows attackers to potentially cause a Denial of Service DoS by providing a specially crafted PDF file...

CVE-2025-46205

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...

CVE-2025-46205

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...

CVE-2025-46205

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...

CVE-2025-9394

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

UBUNTU-CVE-2025-9394

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

CVE-2025-9394

PoDoFo 1.1.0-dev is affected by CVE-2025-9394 in the PdfTokenizer::DetermineDataType function within PdfTokenizer.cpp (PDF Dictionary Parser). The issue enables a use-after-free condition that can be triggered by manipulating the file locally, with the exploit already published. A patch/commit to...

PoDoFo 安全漏洞

PoDoFo is a free portable C++ library open-sourced by PoDoFo. A security vulnerability exists in PoDoFo version 1.1.0-dev, which originates from a post-release reuse of the PdfTokenizer::DetermineDataType function in the src/podofo/main/PdfTokenizer.cpp file...

PT-2025-34570 · Podofo +1 · Podofo +1

Name of the Vulnerable Software and Affected Versions: PoDoFo version 1.1.0-dev Description: A flaw has been identified in the PDF Dictionary Parser component of PoDoFo. The issue resides within the PdfTokenizer::DetermineDataType function in the file src/podofo/main/PdfTokenizer.cpp. Manipulatio...

SUSE CVE-2021-30470

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray, PdfTokenizer::GetNextVariant and PdfTokenizer::ReadDataType functions can lead to a stack overflow...

PoDoFo 'PoDoFo::PdfTokenizer::GetNextToken()' function heap buffer overflow vulnerability

PoDoFo is an open source , written in C++ using the PDF file format library . PoDoFo 0.9.5 version of the PdfTokenizer.cpp file in the 'PoDoFo::PdfTokenizer::GetNextToken' function has a heap buffer overflow vulnerability. A remote attacker could exploit this vulnerability with a specially crafte...

DEBIAN-CVE-2017-5886

Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file...

PT-2017-16737 · Podofo +4 · Podofo +4

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.4 Description: A heap-based buffer overflow issue exists in the PoDoFo::PdfTokenizer::GetNextToken function, located in PdfTokenizer.cpp. This issue can be triggered by remote attackers using a crafted file, potentially...