Podofo Security Vulnerabilities and Issues — Podofo CVE List

Lucene search

Podofo ProjectPodofo

10 matches found

CVE•added 2017/05/05 7:29 a.m.•143 views

CVE-2017-8787

The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.

8.8CVSS9.3AI score0.0045EPSS

CVE•added 2018/03/09 7:29 p.m.•84 views

CVE-2018-8002

In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file...

8.8CVSS8.6AI score0.02048EPSS

CVE•added 2019/02/04 7:29 p.m.•80 views

CVE-2018-20751

An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, whi...

8.8CVSS6.4AI score0.00437EPSS

CVE•added 2019/02/26 11:29 p.m.•74 views

CVE-2019-9199

PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspeci...

8.8CVSS7.1AI score0.00468EPSS

CVE•added 2018/03/09 7:29 p.m.•72 views

CVE-2018-8000

In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted...

8.8CVSS8.8AI score0.03509EPSS

CVE•added 2018/11/26 2:29 a.m.•67 views

CVE-2018-19532

A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.

8.8CVSS8.2AI score0.00336EPSS

CVE•added 2023/05/10 4:15 p.m.•39 views

CVE-2023-31556

podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent.

8.8CVSS6.3AI score0.00094EPSS

CVE•added 2023/05/10 4:15 p.m.•38 views

CVE-2023-31567

Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

8.8CVSS8.8AI score0.00132EPSS

CVE•added 2023/05/10 4:15 p.m.•34 views

CVE-2023-31566

Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().

8.8CVSS8.6AI score0.00107EPSS

CVE•added 2023/05/10 4:15 p.m.•33 views

CVE-2023-31568

Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.

8.8CVSS8.9AI score0.00159EPSS