VYPR

rpm package

opensuse/podofo&distro=openSUSE Leap 15.5

pkg:rpm/opensuse/podofo&distro=openSUSE%20Leap%2015.5

Vulnerabilities (12)

  • CVE-2019-10723, Apr 3, 2019
    affected < 0.9.6-150300.3.9.1, fixed 0.9.6-150300.3.9.1

    An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.

  • CVE-2018-20797, Feb 27, 2019
    affected < 0.9.6-150300.3.9.1, fixed 0.9.6-150300.3.9.1

    An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.

  • CVE-2019-9199, Feb 26, 2019
    affected < 0.9.6-150300.3.9.1, fixed 0.9.6-150300.3.9.1

    PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or po

  • CVE-2018-8001, High, Mar 9, 2018
    affected < 0.9.6-150300.3.15.1, fixed 0.9.6-150300.3.15.1

    In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

  • CVE-2018-5309, Medium, Jan 9, 2018
    affected < 0.9.6-150300.3.15.1, fixed 0.9.6-150300.3.15.1

    In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

  • CVE-2017-8378, Critical, May 1, 2017
    affected < 0.9.6-150300.3.15.1, fixed 0.9.6-150300.3.15.1

    Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.

  • CVE-2015-8981, Critical, Mar 16, 2017
    affected < 0.9.6-150300.3.15.1, fixed 0.9.6-150300.3.15.1

    Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.

  • CVE-2017-6849, Medium, Mar 15, 2017
    affected < 0.9.6-150300.3.15.1, fixed 0.9.6-150300.3.15.1

    The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6845, Medium, Mar 15, 2017
    affected < 0.9.6-150300.3.15.1, fixed 0.9.6-150300.3.15.1

    The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6842, Medium, Mar 15, 2017
    affected < 0.9.6-150300.3.15.1, fixed 0.9.6-150300.3.15.1

    The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6841, Medium, Mar 15, 2017
    affected < 0.9.6-150300.3.15.1, fixed 0.9.6-150300.3.15.1

    The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6840, Medium, Mar 15, 2017
    affected < 0.9.6-150300.3.15.1, fixed 0.9.6-150300.3.15.1

    The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.