VYPR

rpm package

suse/podofo&distro=SUSE Linux Enterprise Software Development Kit 12 SP5

pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Vulnerabilities (13)

  • CVE-2019-20093 Dec 30, 2019
    affected < 0.9.2-3.12.1 fixed 0.9.2-3.12.1

    The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.

  • CVE-2019-10723 Apr 3, 2019
    affected < 0.9.2-3.21.1 fixed 0.9.2-3.21.1

    An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.

  • CVE-2019-9199 Feb 26, 2019
    affected < 0.9.2-3.21.1 fixed 0.9.2-3.21.1

    PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or po

  • CVE-2018-12983 Hig Jun 29, 2018
    affected < 0.9.2-3.15.1 fixed 0.9.2-3.15.1

    A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.

  • CVE-2018-5308 Hig Jan 9, 2018
    affected < 0.9.2-3.21.1 fixed 0.9.2-3.21.1

    PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

  • CVE-2017-8378 Cri May 1, 2017
    affected < 0.9.2-3.21.1 fixed 0.9.2-3.21.1

    Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.

  • CVE-2015-8981 Cri Mar 16, 2017
    affected < 0.9.2-3.21.1 fixed 0.9.2-3.21.1

    Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.

  • CVE-2017-6849 Med Mar 15, 2017
    affected < 0.9.2-3.21.1 fixed 0.9.2-3.21.1

    The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6845 Med Mar 15, 2017
    affected < 0.9.2-3.21.1 fixed 0.9.2-3.21.1

    The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6842 Med Mar 15, 2017
    affected < 0.9.2-3.21.1 fixed 0.9.2-3.21.1

    The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6841 Med Mar 15, 2017
    affected < 0.9.2-3.21.1 fixed 0.9.2-3.21.1

    The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6840 Med Mar 15, 2017
    affected < 0.9.2-3.21.1 fixed 0.9.2-3.21.1

    The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.

  • CVE-2017-5854 Med Mar 1, 2017
    affected < 0.9.2-3.21.1 fixed 0.9.2-3.21.1

    base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.