Medium severity 6.5 · NVD Advisory · Published Sep 17, 2018 · Updated Jun 17, 2026
CVE-2018-14320
Description
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673.
Affected products
- (no CPE)
- (no CPE) range: 0.9.5
- osv-coords, 2 versions:
  - pkg:rpm/opensuse/podofo-0_10&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/podofo&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 0.10.5-1.1
- (no CPE) range: < 0.9.7-2.2
References
- zerodayinitiative.com/advisories/ZDI-18-1046 (nvd; Third Party Advisory; VDB Entry)