rpm package
suse/podofo&distro=SUSE Linux Enterprise Workstation Extension 12 SP5
pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-20093 | — | < 0.9.2-3.12.1 | 0.9.2-3.12.1 | Dec 30, 2019 | The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. | ||
| CVE-2019-10723 | — | < 0.9.2-3.21.1 | 0.9.2-3.21.1 | Apr 3, 2019 | An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. | ||
| CVE-2019-9199 | — | < 0.9.2-3.21.1 | 0.9.2-3.21.1 | Feb 26, 2019 | PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or po | ||
| CVE-2018-12983 | Hig | 7.8 | < 0.9.2-3.15.1 | 0.9.2-3.15.1 | Jun 29, 2018 | A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. | |
| CVE-2018-5308 | Hig | 7.8 | < 0.9.2-3.21.1 | 0.9.2-3.21.1 | Jan 9, 2018 | PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. | |
| CVE-2017-8378 | Cri | 9.8 | < 0.9.2-3.21.1 | 0.9.2-3.21.1 | May 1, 2017 | Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size. | |
| CVE-2015-8981 | Cri | 9.8 | < 0.9.2-3.21.1 | 0.9.2-3.21.1 | Mar 16, 2017 | Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size. | |
| CVE-2017-6849 | Med | 5.5 | < 0.9.2-3.21.1 | 0.9.2-3.21.1 | Mar 15, 2017 | The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |
| CVE-2017-6845 | Med | 5.5 | < 0.9.2-3.21.1 | 0.9.2-3.21.1 | Mar 15, 2017 | The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |
| CVE-2017-6842 | Med | 5.5 | < 0.9.2-3.21.1 | 0.9.2-3.21.1 | Mar 15, 2017 | The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |
| CVE-2017-6841 | Med | 5.5 | < 0.9.2-3.21.1 | 0.9.2-3.21.1 | Mar 15, 2017 | The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |
| CVE-2017-6840 | Med | 5.5 | < 0.9.2-3.21.1 | 0.9.2-3.21.1 | Mar 15, 2017 | The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file. | |
| CVE-2017-5854 | Med | 5.5 | < 0.9.2-3.21.1 | 0.9.2-3.21.1 | Mar 1, 2017 | base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. |
- CVE-2019-20093Dec 30, 2019affected < 0.9.2-3.12.1fixed 0.9.2-3.12.1
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.
- CVE-2019-10723Apr 3, 2019affected < 0.9.2-3.21.1fixed 0.9.2-3.21.1
An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.
- CVE-2019-9199Feb 26, 2019affected < 0.9.2-3.21.1fixed 0.9.2-3.21.1
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or po
- affected < 0.9.2-3.15.1fixed 0.9.2-3.15.1
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.
- affected < 0.9.2-3.21.1fixed 0.9.2-3.21.1
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.
- affected < 0.9.2-3.21.1fixed 0.9.2-3.21.1
Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.
- affected < 0.9.2-3.21.1fixed 0.9.2-3.21.1
Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.
- affected < 0.9.2-3.21.1fixed 0.9.2-3.21.1
The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
- affected < 0.9.2-3.21.1fixed 0.9.2-3.21.1
The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
- affected < 0.9.2-3.21.1fixed 0.9.2-3.21.1
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
- affected < 0.9.2-3.21.1fixed 0.9.2-3.21.1
The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
- affected < 0.9.2-3.21.1fixed 0.9.2-3.21.1
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.
- affected < 0.9.2-3.21.1fixed 0.9.2-3.21.1
base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.