VYPR

Vendor CVEs

Podofo Project

All CVEs

64 total · sorted by risk
  • CVE-2017-8378CriMay 1, 2017
    risk 0.64cvss 9.8epss 0.02

    Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.

  • CVE-2015-8981CriMar 16, 2017
    risk 0.64cvss 9.8epss 0.03

    Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.

  • CVE-2018-8002HigMar 9, 2018
    risk 0.61cvss 8.8epss 0.08

    In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact…

  • CVE-2018-8000HigMar 9, 2018
    risk 0.57cvss 8.8epss 0.03

    In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute…

  • CVE-2017-8787HigMay 5, 2017
    risk 0.57cvss 8.8epss 0.02

    The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.

  • CVE-2018-12983HigJun 29, 2018
    risk 0.51cvss 7.8epss 0.01

    A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.

  • CVE-2018-8001HigMar 9, 2018
    risk 0.51cvss 7.8epss 0.01

    In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

  • CVE-2018-5308HigJan 9, 2018
    risk 0.51cvss 7.8epss 0.01

    PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

  • CVE-2017-6844HigMar 15, 2017
    risk 0.51cvss 7.8epss 0.02

    Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2017-6843HigMar 15, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2017-5886HigMar 1, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2017-5853HigMar 1, 2017
    risk 0.51cvss 7.8epss 0.01

    Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2018-14320MedSep 17, 2018
    risk 0.42cvss 6.5epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within…

  • CVE-2018-11256MedMay 18, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2017-7994MedApr 21, 2017
    risk 0.42cvss 6.5epss 0.03

    The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2018-12982MedJun 29, 2018
    risk 0.36cvss 5.5epss 0.01

    Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.

  • CVE-2018-11255MedMay 18, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2018-11254MedMay 18, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.

  • CVE-2018-6352MedJan 27, 2018
    risk 0.36cvss 5.5epss 0.01

    In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.

  • CVE-2018-5783MedJan 19, 2018
    risk 0.36cvss 5.5epss 0.01

    In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.

  • CVE-2018-5309MedJan 9, 2018
    risk 0.36cvss 5.5epss 0.01

    In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

  • CVE-2018-5296MedJan 8, 2018
    risk 0.36cvss 5.5epss 0.01

    In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

  • CVE-2018-5295MedJan 8, 2018
    risk 0.36cvss 5.5epss 0.01

    In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

  • CVE-2017-8054MedApr 22, 2017
    risk 0.36cvss 5.5epss 0.01

    The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.

  • CVE-2017-8053MedApr 22, 2017
    risk 0.36cvss 5.5epss 0.01

    PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).

  • CVE-2017-7383MedApr 3, 2017
    risk 0.36cvss 5.5epss 0.01

    The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2017-7382MedApr 3, 2017
    risk 0.36cvss 5.5epss 0.01

    The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2017-7381MedApr 3, 2017
    risk 0.36cvss 5.5epss 0.01

    The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2017-7380MedApr 3, 2017
    risk 0.36cvss 5.5epss 0.01

    The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2017-7379MedApr 3, 2017
    risk 0.36cvss 5.5epss 0.01

    The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.

  • CVE-2017-7378MedApr 3, 2017
    risk 0.36cvss 5.5epss 0.01

    The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.

  • CVE-2017-6849MedMar 15, 2017
    risk 0.36cvss 5.5epss 0.01

    The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6848MedMar 15, 2017
    risk 0.36cvss 5.5epss 0.01

    The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6847MedMar 15, 2017
    risk 0.36cvss 5.5epss 0.01

    The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6846MedMar 15, 2017
    risk 0.36cvss 5.5epss 0.01

    The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6845MedMar 15, 2017
    risk 0.36cvss 5.5epss 0.01

    The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6842MedMar 15, 2017
    risk 0.36cvss 5.5epss 0.01

    The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6841MedMar 15, 2017
    risk 0.36cvss 5.5epss 0.01

    The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-6840MedMar 15, 2017
    risk 0.36cvss 5.5epss 0.01

    The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.

  • CVE-2017-5855MedMar 1, 2017
    risk 0.36cvss 5.5epss 0.01

    The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

  • CVE-2017-5854MedMar 1, 2017
    risk 0.36cvss 5.5epss 0.01

    base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

  • CVE-2017-5852MedMar 1, 2017
    risk 0.36cvss 5.5epss 0.01

    The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.

  • CVE-2025-9394MedAug 24, 2025
    risk 0.34cvss 5.3epss 0.00

    A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack…

  • CVE-2026-44348LowMay 14, 2026
    risk 0.09cvss 2.5epss 0.00

    PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second…

  • CVE-2025-46205Oct 1, 2025
    risk 0.00cvss epss 0.00

    A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue.

  • CVE-2023-31567May 10, 2023
    risk 0.00cvss epss 0.01

    Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

  • CVE-2023-31555May 10, 2023
    risk 0.00cvss epss 0.01

    podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.

  • CVE-2023-31566May 10, 2023
    risk 0.00cvss epss 0.01

    Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().

  • CVE-2023-31568May 10, 2023
    risk 0.00cvss epss 0.01

    Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.

  • CVE-2023-31556May 10, 2023
    risk 0.00cvss epss 0.01

    podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent.

Page 1 of 2