1019 matches found
MGASA-2026-0229 Updated podofo packages fix security vulnerabilities
Podofo v0.9.8 shares some of the vulnerable code that was discovered in Podofo v0.10.0. This package fixes that. CVE-2023-31567 Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. CVE-2023-31568 Podofo v0.10.0 was discovered ...
Updated podofo packages fix security vulnerabilities
Podofo v0.9.8 shares some of the vulnerable code that was discovered in Podofo v0.10.0. This package fixes that. CVE-2023-31567 Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. CVE-2023-31568 Podofo v0.10.0 was discovered ...
SUSE SLES15 Security Update : podofo (SUSE-SU-2026:2309-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2309-1 advisory. This update for podofo fixes the following issue: - CVE-2026-44348: double-free in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp...
Security update for podofo
This update for podofo fixes the following issue: CVE-2026-44348: double-free in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp bsc1265320. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:2309-1 Security update for podofo
This update for podofo fixes the following issue: - CVE-2026-44348: double-free in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp bsc1265320...
[SECURITY] Fedora 43 Update: podofo-1.0.4-1.fc43
PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...
Fedora 43 : podofo (2026-19873e3fac)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-19873e3fac advisory. Update to podof-1.0.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 44 : podofo (2026-5c81faa7bf)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5c81faa7bf advisory. Update to podof-1.0.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Linux Distros Unpatched Vulnerability : CVE-2026-44348
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in...
Astra Linux – Vulnerability in libpodofo
A stack-based buffer overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service through the ‘src/base/PdfDictionary.cpp:65’ component...
Astra Linux – Vulnerability in libpodofo
In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete in PdfParserObject.cpp, which may lead to a stack overflow. Remote attackers could exploit this vulnerability to cause a denial-of-service attack, or potentially cause other unspecified impacts...
Astra Linux – Vulnerability in libpodofo
A flaw was discovered in PoDoFo 0.9.7. An uncontrolled recursive call within the PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow issue...
Astra Linux – Vulnerability in libpodofo
A flaw was discovered in PoDoFo 0.9.7. An uncontrolled recursive call within the functions PdfTokenizer::ReadArray, PdfTokenizer::GetNextVariant, and PdfTokenizer::ReadDataType can lead to a stack overflow issue...
SUSE CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
CVE-2026-44348
A flaw was found in PoDoFo, a C++17 PDF manipulation library. A double-free vulnerability exists in the computehashtosign function. This can occur if EVPDigestFinal fails after a buffer has already been freed, leading to heap corruption. This vulnerability could allow a local attacker to cause a...
CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
UBUNTU-CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
CVE-2026-44348 PoDoFo: Double-free vulnerability in compute_hash_to_sign()
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
CVE-2026-44348
PoDoFo 1.0.0 through before 1.0.4 contains a double‑free in compute_hash_to_sign() (OpenSSLInternal_Ripped.cpp). If EVP_DigestFinal fails after buf has already been freed, the Error path frees buf a second time, causing heap corruption. A fix is available in 1.0.4. Affected installations should u...