Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Podofo
(Podofo_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 61 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-22 | CVE-2023-2241 | A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this... | Podofo | 7.8 | ||
| 2018-06-29 | CVE-2018-12983 | A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. | Podofo | 7.8 | ||
| 2019-02-26 | CVE-2019-9199 | PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | Fedora, Podofo | 8.8 | ||
| 2019-03-11 | CVE-2019-9687 | PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. | Fedora, Podofo | 9.8 | ||
| 2019-12-30 | CVE-2019-20093 | The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. | Fedora, Podofo | 5.5 | ||
| 2023-05-10 | CVE-2023-31555 | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad. | Podofo | 6.5 | ||
| 2023-05-10 | CVE-2023-31556 | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent. | Podofo | 6.5 | ||
| 2023-05-10 | CVE-2023-31567 | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. | Podofo | 8.8 | ||
| 2023-05-10 | CVE-2023-31566 | Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). | Podofo | 8.8 | ||
| 2023-05-10 | CVE-2023-31568 | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4. | Podofo | 8.8 |