Podofo Security Vulnerabilities and Issues — Podofo CVE List

Lucene search

Podofo ProjectPodofo

6 matches found

CVE•added 2019/12/30 4:15 a.m.•144 views

CVE-2019-20093

The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.

5.5CVSS5.1AI score0.00747EPSS

CVE•added 2019/02/04 7:29 p.m.•80 views

CVE-2018-20751

An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, whi...

8.8CVSS6.4AI score0.00437EPSS

CVE•added 2019/04/03 6:29 p.m.•76 views

CVE-2019-10723

An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.

5.5CVSS5.4AI score0.00165EPSS

CVE•added 2019/02/27 5:29 p.m.•75 views

CVE-2018-20797

An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.

6.5CVSS6.3AI score0.0025EPSS

CVE•added 2019/02/26 11:29 p.m.•74 views

CVE-2019-9199

PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspeci...

8.8CVSS7.1AI score0.00468EPSS

CVE•added 2019/03/11 4:29 p.m.•70 views

CVE-2019-9687

PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.

9.8CVSS7.4AI score0.0057EPSS