Unrated severity · OSV Advisory · Published Feb 26, 2019 · Updated Aug 4, 2024
CVE-2019-9199
Description
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Affected products
- Range: =0.9.6
- osv-coords (7 versions):
  - pkg:rpm/opensuse/podofo&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/podofo&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/podofo&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
  - pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
  - pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
  - pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5

  < 0.9.6-150300.3.9.1 (+ 6 more)
- (no CPE) range: < 0.9.6-150300.3.9.1
- (no CPE) range: < 0.9.6-150300.3.9.1
- (no CPE) range: < 0.10.3-2.1
- (no CPE) range: < 0.9.6-150300.3.9.1
- (no CPE) range: < 0.9.6-150300.3.9.1
- (no CPE) range: < 0.9.2-3.21.1
- (no CPE) range: < 0.9.2-3.21.1
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/ (mitre, vendor-advisory)
- github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9 (mitre)
- github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8 (mitre)
- research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/ (mitre)
- sourceforge.net/p/podofo/tickets/40/ (mitre)