5 matches found
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the PdfEncryptRC4 function in PdfEncrypt.cpp. Remediation: Upgrade podofo to version 0.10.4 or higher. References: GitHub Commit, GitHub Issue...
Denial Of Services (DoS)
libpodofo.so is vulnerable to Denial of Service (DoS). The vulnerability exists due to a segmentation fault in the CreateFromObject function of PdfEncrypt.cpp, which allows an attacker to crash the application with a SIGSEGV error by providing a maliciously crafted PDF file...
Mageia: Security Advisory (MGASA-2020-0294)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2021-30472
CVE-2021-30472 affects PoDoFo 0.9.7. A stack-based buffer overflow is possible in PdfEncryptMD5Base::ComputeOwnerKey (PdfEncrypt.cpp) due to an improper check of the keyLength value. Documented across multiple feeds (NVD entry, CNVD/OSV entries, OSV Ubuntu/Debian, Alpine Linux, Nessus plugin) wit...
CVE-2018-12983
CVE-2018-12983 affects PoDoFo: a stack-based buffer over-read in PdfEncryptMD5Base::ComputeEncryptionKey() (PdfEncrypt.cpp) in PoDoFo 0.9.6-rc1 can be exploited remotely via a crafted PDF to cause a denial of service. Multiple advisories confirm a PoDoFo memory-handling issue leading to DoS when ...