VYPR
Vendor

Podofo Project

Products
1
CVEs
64
Across products
64
Status
Private

Products

1

Recent CVEs

64
View all 64 CVEs →
  • CVE-2017-8378CriMay 1, 2017
    risk 0.64cvss 9.8epss 0.02

    Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.

  • CVE-2015-8981CriMar 16, 2017
    risk 0.64cvss 9.8epss 0.03

    Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.

  • CVE-2018-8002HigMar 9, 2018
    risk 0.61cvss 8.8epss 0.08

    In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact…

  • CVE-2018-8000HigMar 9, 2018
    risk 0.57cvss 8.8epss 0.03

    In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute…

  • CVE-2017-8787HigMay 5, 2017
    risk 0.57cvss 8.8epss 0.02

    The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.

  • CVE-2018-12983HigJun 29, 2018
    risk 0.51cvss 7.8epss 0.01

    A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.

  • CVE-2018-8001HigMar 9, 2018
    risk 0.51cvss 7.8epss 0.01

    In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

  • CVE-2018-5308HigJan 9, 2018
    risk 0.51cvss 7.8epss 0.01

    PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

  • CVE-2017-6844HigMar 15, 2017
    risk 0.51cvss 7.8epss 0.02

    Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2017-6843HigMar 15, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2017-5886HigMar 1, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2017-5853HigMar 1, 2017
    risk 0.51cvss 7.8epss 0.01

    Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2018-14320MedSep 17, 2018
    risk 0.42cvss 6.5epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within…

  • CVE-2018-11256MedMay 18, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2017-7994MedApr 21, 2017
    risk 0.42cvss 6.5epss 0.03

    The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2018-12982MedJun 29, 2018
    risk 0.36cvss 5.5epss 0.01

    Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.

  • CVE-2018-11255MedMay 18, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2018-11254MedMay 18, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.

  • CVE-2018-6352MedJan 27, 2018
    risk 0.36cvss 5.5epss 0.01

    In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.

  • CVE-2018-5783MedJan 19, 2018
    risk 0.36cvss 5.5epss 0.01

    In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.