Podofo Security Vulnerabilities and Issues — Podofo CVE List

Lucene search

Podofo ProjectPodofo

27 matches found

CVE•added 2017/05/01 1:59 a.m.•263 views

CVE-2017-8378

Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.

9.8CVSS9.7AI score0.0035EPSS

CVE•added 2017/03/01 3:59 p.m.•152 views

CVE-2017-5886

Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

7.8CVSS8.7AI score0.00321EPSS

CVE•added 2017/03/15 2:59 p.m.•152 views

CVE-2017-6844

Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

7.8CVSS8.6AI score0.00557EPSS

CVE•added 2017/04/22 10:59 p.m.•150 views

CVE-2017-8054

The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.

5.5CVSS6.4AI score0.00402EPSS

CVE•added 2017/03/15 2:59 p.m.•146 views

CVE-2017-6845

The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS6.6AI score0.00214EPSS

CVE•added 2017/03/15 2:59 p.m.•143 views

CVE-2017-6847

The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS6.4AI score0.00402EPSS

CVE•added 2017/04/03 5:59 a.m.•143 views

CVE-2017-7380

The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

5.5CVSS6.6AI score0.00239EPSS

CVE•added 2017/05/05 7:29 a.m.•143 views

CVE-2017-8787

The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.

8.8CVSS9.3AI score0.0045EPSS

CVE•added 2017/04/21 4:59 p.m.•142 views

CVE-2017-7994

The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

6.5CVSS7.2AI score0.00645EPSS

CVE•added 2017/04/03 5:59 a.m.•141 views

CVE-2017-7378

The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.

5.5CVSS6.6AI score0.00239EPSS

CVE•added 2017/04/03 5:59 a.m.•136 views

CVE-2017-7379

The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.

5.5CVSS6.7AI score0.00239EPSS

CVE•added 2017/03/01 3:59 p.m.•121 views

CVE-2017-5854

base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

5.5CVSS6.6AI score0.00127EPSS

CVE•added 2017/03/15 2:59 p.m.•121 views

CVE-2017-6840

The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.

5.5CVSS6.6AI score0.00106EPSS

CVE•added 2017/03/01 3:59 p.m.•119 views

CVE-2017-5852

The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.

5.5CVSS6.6AI score0.0024EPSS

CVE•added 2017/03/01 3:59 p.m.•118 views

CVE-2017-5855

The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS6.6AI score0.0019EPSS

CVE•added 2017/03/01 3:59 p.m.•115 views

CVE-2017-5853

Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

7.8CVSS8.6AI score0.0024EPSS

CVE•added 2017/04/03 5:59 a.m.•80 views

CVE-2017-7382

The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

5.5CVSS6.8AI score0.00413EPSS

CVE•added 2017/04/03 5:59 a.m.•78 views

CVE-2017-7381

The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

5.5CVSS6.8AI score0.00413EPSS

CVE•added 2017/03/15 2:59 p.m.•75 views

CVE-2017-6843

Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

7.8CVSS8.7AI score0.00528EPSS

CVE•added 2017/04/03 5:59 a.m.•73 views

CVE-2017-7383

The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

5.5CVSS6.8AI score0.00413EPSS

CVE•added 2017/04/22 9:59 p.m.•72 views

CVE-2017-8053

PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).

5.5CVSS6AI score0.00349EPSS

CVE•added 2017/03/15 2:59 p.m.•69 views

CVE-2017-6848

The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS6.6AI score0.00402EPSS

CVE•added 2017/03/15 2:59 p.m.•66 views

CVE-2017-6849

The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS5.3AI score0.00201EPSS

CVE•added 2017/03/15 2:59 p.m.•58 views

CVE-2017-6846

The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS5.3AI score0.00402EPSS

CVE•added 2017/03/16 3:59 p.m.•47 views

CVE-2015-8981

Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.

9.8CVSS9.6AI score0.00308EPSS

CVE•added 2017/03/15 2:59 p.m.•47 views

CVE-2017-6841

The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS5.3AI score0.00101EPSS

CVE•added 2017/03/15 2:59 p.m.•46 views

CVE-2017-6842

The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

5.5CVSS6.6AI score0.00101EPSS