Podofo@0.9.6 Security Vulnerabilities and Issues — Podofo@0.9.6 CVE List

Lucene search

Podofo ProjectPodofo0.9.6

11 matches found

CVE•added 2019/12/30 4:15 a.m.•144 views

CVE-2019-20093

The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.

5.5CVSS5.1AI score0.00747EPSS

CVE•added 2019/02/04 7:29 p.m.•80 views

CVE-2018-20751

An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, whi...

8.8CVSS6.4AI score0.00437EPSS

CVE•added 2018/06/29 5:29 a.m.•78 views

CVE-2018-12983

A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.

7.8CVSS5.9AI score0.00497EPSS

CVE•added 2019/04/03 6:29 p.m.•76 views

CVE-2019-10723

An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.

5.5CVSS5.4AI score0.00165EPSS

CVE•added 2019/02/27 5:29 p.m.•75 views

CVE-2018-20797

An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.

6.5CVSS6.3AI score0.0025EPSS

CVE•added 2019/02/26 11:29 p.m.•74 views

CVE-2019-9199

PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspeci...

8.8CVSS7.1AI score0.00468EPSS

CVE•added 2019/03/11 4:29 p.m.•70 views

CVE-2019-9687

PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.

9.8CVSS7.4AI score0.0057EPSS

CVE•added 2018/11/26 2:29 a.m.•67 views

CVE-2018-19532

A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.

8.8CVSS8.2AI score0.00336EPSS

CVE•added 2018/06/29 5:29 a.m.•65 views

CVE-2018-12982

Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.

5.5CVSS6.4AI score0.00374EPSS

CVE•added 2021/08/25 4:15 p.m.•39 views

CVE-2020-18971

Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.

5.5CVSS5.4AI score0.00102EPSS

CVE•added 2021/08/25 4:15 p.m.•39 views

CVE-2020-18972

Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.

5.5CVSS5.1AI score0.00167EPSS