rpm package
suse/podofo&distro=SUSE Linux Enterprise Desktop 12 SP3
pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5886 | Hig | 7.8 | < 0.9.2-3.3.1 | 0.9.2-3.3.1 | Mar 1, 2017 | Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | |
| CVE-2017-5855 | Med | 5.5 | < 0.9.2-3.3.1 | 0.9.2-3.3.1 | Mar 1, 2017 | The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |
| CVE-2017-5854 | Med | 5.5 | < 0.9.2-3.3.1 | 0.9.2-3.3.1 | Mar 1, 2017 | base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | |
| CVE-2017-5853 | Hig | 7.8 | < 0.9.2-3.3.1 | 0.9.2-3.3.1 | Mar 1, 2017 | Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | |
| CVE-2017-5852 | Med | 5.5 | < 0.9.2-3.3.1 | 0.9.2-3.3.1 | Mar 1, 2017 | The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file. |
- affected < 0.9.2-3.3.1fixed 0.9.2-3.3.1
Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
- affected < 0.9.2-3.3.1fixed 0.9.2-3.3.1
The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
- affected < 0.9.2-3.3.1fixed 0.9.2-3.3.1
base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
- affected < 0.9.2-3.3.1fixed 0.9.2-3.3.1
Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
- affected < 0.9.2-3.3.1fixed 0.9.2-3.3.1
The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.
Page 2 of 2