High severity8.8NVD Advisory· Published Mar 9, 2018· Updated Jun 17, 2026
CVE-2018-8000
CVE-2018-8000
Description
In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted pdf file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- Range: =0.9.5
- osv-coords7 versionspkg:deb/ubuntu/libpodofo@0.9.0-1.2ubuntu0.1~esm1?arch=source&distro=esm-infra-legacy/trustypkg:deb/ubuntu/libpodofo@0.9.3-4?arch=source&distro=esm-apps/xenialpkg:deb/ubuntu/libpodofo@0.9.5-9?arch=source&distro=esm-apps/bionicpkg:deb/ubuntu/libpodofo@0.9.6+dfsg-5build1?arch=source&distro=focalpkg:deb/ubuntu/libpodofo@0.9.7+dfsg-3?arch=source&distro=jammypkg:deb/ubuntu/libpodofo@0.9.8+dfsg-3.1build3?arch=source&distro=noblepkg:deb/ubuntu/libpodofo@0.9.8+dfsg-3.1build3?arch=source&distro=oracular
>= 0+ 6 more
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
Patches
Vulnerability mechanics
References
2- bugzilla.redhat.com/show_bug.cginvdExploitIssue TrackingThird Party Advisory
- sourceforge.net/p/podofo/tickets/13/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.