Podofo Security Vulnerabilities and Issues — Podofo CVE List

Lucene search

Podofo ProjectPodofo

34 matches found

CVE•added 2017/04/22 10:59 p.m.•150 views

CVE-2017-8054

The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.

5.5CVSS6.4AI score0.00402EPSS

CVE•added 2017/03/15 2:59 p.m.•146 views

CVE-2017-6845

The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS6.6AI score0.00214EPSS

CVE•added 2019/12/30 4:15 a.m.•144 views

CVE-2019-20093

The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.

5.5CVSS5.1AI score0.00747EPSS

CVE•added 2017/03/15 2:59 p.m.•143 views

CVE-2017-6847

The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS6.4AI score0.00402EPSS

CVE•added 2017/04/03 5:59 a.m.•143 views

CVE-2017-7380

The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

5.5CVSS6.6AI score0.00239EPSS

CVE•added 2018/01/09 5:29 a.m.•143 views

CVE-2018-5309

In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

5.5CVSS6.2AI score0.00232EPSS

CVE•added 2017/04/03 5:59 a.m.•141 views

CVE-2017-7378

The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.

5.5CVSS6.6AI score0.00239EPSS

CVE•added 2018/01/08 7:29 a.m.•139 views

CVE-2018-5295

In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

5.5CVSS6.9AI score0.00374EPSS

CVE•added 2017/04/03 5:59 a.m.•136 views

CVE-2017-7379

The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.

5.5CVSS6.7AI score0.00239EPSS

CVE•added 2018/01/08 7:29 a.m.•135 views

CVE-2018-5296

In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

5.5CVSS6.3AI score0.00374EPSS

CVE•added 2017/03/01 3:59 p.m.•121 views

CVE-2017-5854

base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

5.5CVSS6.6AI score0.00127EPSS

CVE•added 2017/03/15 2:59 p.m.•121 views

CVE-2017-6840

The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.

5.5CVSS6.6AI score0.00106EPSS

CVE•added 2017/03/01 3:59 p.m.•119 views

CVE-2017-5852

The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.

5.5CVSS6.6AI score0.0024EPSS

CVE•added 2017/03/01 3:59 p.m.•118 views

CVE-2017-5855

The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS6.6AI score0.0019EPSS

CVE•added 2017/04/03 5:59 a.m.•80 views

CVE-2017-7382

The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

5.5CVSS6.8AI score0.00413EPSS

CVE•added 2017/04/03 5:59 a.m.•78 views

CVE-2017-7381

The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

5.5CVSS6.8AI score0.00413EPSS

CVE•added 2018/05/18 7:29 p.m.•78 views

CVE-2018-11254

An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.

5.5CVSS6.3AI score0.00402EPSS

CVE•added 2018/05/18 7:29 p.m.•76 views

CVE-2018-11255

An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

5.5CVSS6.2AI score0.00232EPSS

CVE•added 2018/01/19 8:29 a.m.•76 views

CVE-2018-5783

In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.

5.5CVSS6.2AI score0.00374EPSS

CVE•added 2019/04/03 6:29 p.m.•76 views

CVE-2019-10723

An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.

5.5CVSS5.4AI score0.00165EPSS

CVE•added 2017/04/03 5:59 a.m.•73 views

CVE-2017-7383

The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

5.5CVSS6.8AI score0.00413EPSS

CVE•added 2017/04/22 9:59 p.m.•72 views

CVE-2017-8053

PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).

5.5CVSS6AI score0.00349EPSS

CVE•added 2021/05/26 10:15 p.m.•71 views

CVE-2021-30469

A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.

5.5CVSS5.3AI score0.00168EPSS

CVE•added 2017/03/15 2:59 p.m.•69 views

CVE-2017-6848

The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS6.6AI score0.00402EPSS

CVE•added 2018/01/27 3:29 p.m.•69 views

CVE-2018-6352

In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.

5.5CVSS5.3AI score0.00374EPSS

CVE•added 2017/03/15 2:59 p.m.•66 views

CVE-2017-6849

The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS5.3AI score0.00201EPSS

CVE•added 2018/06/29 5:29 a.m.•65 views

CVE-2018-12982

Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.

5.5CVSS6.4AI score0.00374EPSS

CVE•added 2021/05/26 10:15 p.m.•65 views

CVE-2021-30470

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.

5.5CVSS5.3AI score0.00044EPSS

CVE•added 2021/05/26 10:15 p.m.•64 views

CVE-2021-30471

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.

5.5CVSS5.2AI score0.00044EPSS

CVE•added 2017/03/15 2:59 p.m.•58 views

CVE-2017-6846

The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS5.3AI score0.00402EPSS

CVE•added 2017/03/15 2:59 p.m.•47 views

CVE-2017-6841

The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS5.3AI score0.00101EPSS

CVE•added 2017/03/15 2:59 p.m.•46 views

CVE-2017-6842

The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS6.6AI score0.00101EPSS

CVE•added 2021/08/25 4:15 p.m.•39 views

CVE-2020-18971

Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.

5.5CVSS5.4AI score0.00102EPSS

CVE•added 2021/08/25 4:15 p.m.•39 views

CVE-2020-18972

Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.

5.5CVSS5.1AI score0.00167EPSS