[SECURITY] Fedora 43 Update: podofo-1.0.4-1.fc43

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

Linux Distros Unpatched Vulnerability : CVE-2026-44348

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in...

CVE-2026-44348

A flaw was found in PoDoFo, a C++17 PDF manipulation library. A double-free vulnerability exists in the computehashtosign function. This can occur if EVPDigestFinal fails after a buffer has already been freed, leading to heap corruption. This vulnerability could allow a local attacker to cause a...

UBUNTU-CVE-2026-44348

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

EUVD-2026-30337

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

CVE-2026-44348

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

CVE-2026-44348

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

Astra Linux - уязвимость в libpodofo

A stack-based buffer overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service through the ‘src/base/PdfDictionary.cpp:65’ component...

CVE-2025-46205

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via the ReadDictionary function. An attacker can trigger application crashes or potentially execute arbitrary code by supplying a specially crafted PDF file. Remediation There is no fixed version for podofo. References -...

CVE-2025-46205

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...

Linux Distros Unpatched Vulnerability : CVE-2018-12982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact...

Linux Distros Unpatched Vulnerability : CVE-2018-20751

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in croppage in PoDoFo 0.9.6. For a crafted PDF document, pPage-GetObject-GetDictionary.AddKeyPdfNameMediaBox,var can be problematic due ...

Linux Distros Unpatched Vulnerability : CVE-2017-7383

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a...

CVE-2025-9394

PoDoFo 1.1.0-dev is affected by CVE-2025-9394 in the PdfTokenizer::DetermineDataType function within PdfTokenizer.cpp (PDF Dictionary Parser). The issue enables a use-after-free condition that can be triggered by manipulating the file locally, with the exploit already published. A patch/commit to...

PoDoFo 安全漏洞

PoDoFo is a free portable C++ library open-sourced by PoDoFo. A security vulnerability exists in PoDoFo version 1.1.0-dev, which originates from a post-release reuse of the PdfTokenizer::DetermineDataType function in the src/podofo/main/PdfTokenizer.cpp file...

Linux Distros Unpatched Vulnerability : CVE-2017-6845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service NULL pointer dereference via a...

Linux Distros Unpatched Vulnerability : CVE-2017-7382

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a...

Linux Distros Unpatched Vulnerability : CVE-2015-8981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors...

Linux Distros Unpatched Vulnerability : CVE-2017-5852

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service infinite loo...