VYPR

Podofo

by Podofo Project

CVEs (64)

  • CVE-2017-5854 | Med | Mar 1, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

  • CVE-2017-5852 | Med | Mar 1, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.

  • CVE-2025-9394 | Med | Aug 24, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack…

  • CVE-2026-44348 | Low | May 14, 2026
    risk 0.09 | cvss 2.5 | epss 0.00

    PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second…

  • CVE-2025-46205 | Oct 1, 2025
    risk 0.00 | cvss | epss 0.00

    A heap-use-after-free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue.

  • CVE-2023-31567 | May 10, 2023
    risk 0.00 | cvss | epss 0.01

    Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

  • CVE-2023-31555 | May 10, 2023
    risk 0.00 | cvss | epss 0.01

    podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.

  • CVE-2023-31566 | May 10, 2023
    risk 0.00 | cvss | epss 0.01

    Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().

  • CVE-2023-31568 | May 10, 2023
    risk 0.00 | cvss | epss 0.01

    Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.

  • CVE-2023-31556 | May 10, 2023
    risk 0.00 | cvss | epss 0.01

    podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent.

  • CVE-2023-2241 | Apr 22, 2023
    risk 0.00 | cvss | epss 0.00

    A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has…

  • CVE-2020-18972 | Aug 25, 2021
    risk 0.00 | cvss | epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.

  • CVE-2020-18971 | Aug 25, 2021
    risk 0.00 | cvss | epss 0.01

    Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.

  • CVE-2021-30472 | May 26, 2021
    risk 0.00 | cvss | epss 0.01

    A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of an improper check of the keyLength value.

  • CVE-2021-30471 | May 26, 2021
    risk 0.00 | cvss | epss 0.01

    A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.

  • CVE-2021-30470 | May 26, 2021
    risk 0.00 | cvss | epss 0.01

    A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.

  • CVE-2021-30469 | May 26, 2021
    risk 0.00 | cvss | epss 0.01

    A flaw was found in PoDoFo 0.9.7. A use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.

  • CVE-2019-20093 | Dec 30, 2019
    risk 0.00 | cvss | epss 0.01

    The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.

  • CVE-2019-10723 | Apr 3, 2019
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.

  • CVE-2019-9687 | Mar 11, 2019
    risk 0.00 | cvss | epss 0.02

    PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.