VYPR

rpm package

suse/podofo&distro=SUSE Linux Enterprise Software Development Kit 12 SP3

pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3

Vulnerabilities (25)

  • CVE-2017-5886HigMar 1, 2017
    affected < 0.9.2-3.3.1fixed 0.9.2-3.3.1

    Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2017-5855MedMar 1, 2017
    affected < 0.9.2-3.3.1fixed 0.9.2-3.3.1

    The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-5854MedMar 1, 2017
    affected < 0.9.2-3.3.1fixed 0.9.2-3.3.1

    base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

  • CVE-2017-5853HigMar 1, 2017
    affected < 0.9.2-3.3.1fixed 0.9.2-3.3.1

    Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2017-5852MedMar 1, 2017
    affected < 0.9.2-3.3.1fixed 0.9.2-3.3.1

    The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.

Page 2 of 2