rpm package
suse/podofo&distro=SUSE Linux Enterprise Module for Package Hub 15 SP6
pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10723 | — | | | < 0.9.6-150300.3.9.1 | 0.9.6-150300.3.9.1 | Apr 3, 2019 | An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. |
| CVE-2018-20797 | — | | | < 0.9.6-150300.3.9.1 | 0.9.6-150300.3.9.1 | Feb 27, 2019 | An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp. |
| CVE-2019-9199 | — | | | < 0.9.6-150300.3.9.1 | 0.9.6-150300.3.9.1 | Feb 26, 2019 | PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or po |
| CVE-2018-8001 | Hig | 7.8 | | < 0.9.6-150300.3.15.1 | 0.9.6-150300.3.15.1 | Mar 9, 2018 | In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. |
| CVE-2018-5309 | Med | 5.5 | | < 0.9.6-150300.3.15.1 | 0.9.6-150300.3.15.1 | Jan 9, 2018 | In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. |
| CVE-2017-8378 | Cri | 9.8 | | < 0.9.6-150300.3.15.1 | 0.9.6-150300.3.15.1 | May 1, 2017 | Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size. |
| CVE-2015-8981 | Cri | 9.8 | | < 0.9.6-150300.3.15.1 | 0.9.6-150300.3.15.1 | Mar 16, 2017 | Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size. |
| CVE-2017-6849 | Med | 5.5 | | < 0.9.6-150300.3.15.1 | 0.9.6-150300.3.15.1 | Mar 15, 2017 | The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
| CVE-2017-6845 | Med | 5.5 | | < 0.9.6-150300.3.15.1 | 0.9.6-150300.3.15.1 | Mar 15, 2017 | The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
| CVE-2017-6842 | Med | 5.5 | | < 0.9.6-150300.3.15.1 | 0.9.6-150300.3.15.1 | Mar 15, 2017 | The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
| CVE-2017-6841 | Med | 5.5 | | < 0.9.6-150300.3.15.1 | 0.9.6-150300.3.15.1 | Mar 15, 2017 | The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
| CVE-2017-6840 | Med | 5.5 | | < 0.9.6-150300.3.15.1 | 0.9.6-150300.3.15.1 | Mar 15, 2017 | The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file. |