Filtered by vendor Podofo Project
Subscribe
Total
61 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2241 | 1 Podofo Project | 1 Podofo | 2024-05-17 | 4.3 MEDIUM | 7.8 HIGH |
| A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability. | |||||
| CVE-2019-9687 | 2 Fedoraproject, Podofo Project | 2 Fedora, Podofo | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. | |||||
| CVE-2019-9199 | 2 Fedoraproject, Podofo Project | 2 Fedora, Podofo | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-20093 | 2 Fedoraproject, Podofo Project | 2 Fedora, Podofo | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. | |||||
| CVE-2018-12983 | 1 Podofo Project | 1 Podofo | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. | |||||
| CVE-2023-31555 | 1 Podofo Project | 1 Podofo | 2023-05-17 | N/A | 6.5 MEDIUM |
| podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad. | |||||
| CVE-2023-31556 | 1 Podofo Project | 1 Podofo | 2023-05-17 | N/A | 6.5 MEDIUM |
| podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent. | |||||
| CVE-2023-31566 | 1 Podofo Project | 1 Podofo | 2023-05-15 | N/A | 8.8 HIGH |
| Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). | |||||
| CVE-2023-31567 | 1 Podofo Project | 1 Podofo | 2023-05-15 | N/A | 8.8 HIGH |
| Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. | |||||
| CVE-2023-31568 | 1 Podofo Project | 1 Podofo | 2023-05-15 | N/A | 8.8 HIGH |
| Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4. | |||||
| CVE-2021-30469 | 3 Fedoraproject, Podofo Project, Redhat | 3 Fedora, Podofo, Enterprise Linux | 2022-12-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. | |||||
| CVE-2021-30470 | 3 Fedoraproject, Podofo Project, Redhat | 3 Fedora, Podofo, Enterprise Linux | 2022-12-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. | |||||
| CVE-2021-30471 | 3 Fedoraproject, Podofo Project, Redhat | 3 Fedora, Podofo, Enterprise Linux | 2022-12-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. | |||||
| CVE-2021-30472 | 1 Podofo Project | 1 Podofo | 2022-12-21 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value. | |||||
| CVE-2020-18971 | 1 Podofo Project | 1 Podofo | 2021-09-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. | |||||
| CVE-2020-18972 | 1 Podofo Project | 1 Podofo | 2021-09-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | |||||
| CVE-2018-8000 | 1 Podofo Project | 1 Podofo | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted pdf file. | |||||
| CVE-2019-10723 | 1 Podofo Project | 1 Podofo | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. | |||||
| CVE-2018-14320 | 1 Podofo Project | 1 Podofo | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673. | |||||
| CVE-2018-5296 | 1 Podofo Project | 1 Podofo | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. | |||||