Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the readXRefStreamEntry function of the file PdfXRefStreamParserObject.cpp. Remediation Upgrade podofo to version 0.10.4 or higher. References - GitHub Commit - GitHub Issue...

CVE-2023-2241

A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to th...

CVE-2023-2241

A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to th...

UBUNTU-CVE-2023-2241

A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to th...

CVE-2023-2241

A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to th...

PT-2023-18484 · Podofo · Podofo

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.10.0 Description: A critical vulnerability was found in PoDoFo, affecting the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack must be...

SUSE CVE-2017-8787

The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service heap-based buffer over-read or possibly have unspecified other impact via a crafted PDF file...

PoDoFo Denial of Service Vulnerability (CNVD-2017-07617)

PoDoFo is an open source , written in C++ using the PDF file format library . A denial of service vulnerability exists in the 'PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry' function in the base/PdfXRefStreamParserObject.cpp file in PoDoFo version 0.9.5. ' function is vulnerable to a...

UBUNTU-CVE-2017-8787

The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service heap-based buffer over-read or possibly have unspecified other impact via a crafted PDF file...

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds. The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service heap-based buffer over-read or possibly ha...

CVE-2017-8787

CVE-2017-8787 affects PoDoFo 0.9.5 and targets the ReadXRefStreamEntry path in PoDoFo::PdfXRefStreamParserObject.cpp, causing a heap-based buffer over-read when processing crafted PDFs, with potential denial of service or other impact. Publicly documented fixes are included in PoDoFo 0.9.6, as re...