VYPR

Vendor CVEs

Podofo Project

All CVEs

64 total · sorted by risk
  • CVE-2023-2241Apr 22, 2023
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has…

  • CVE-2020-18972Aug 25, 2021
    risk 0.00cvss epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.

  • CVE-2020-18971Aug 25, 2021
    risk 0.00cvss epss 0.01

    Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.

  • CVE-2021-30472May 26, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.

  • CVE-2021-30471May 26, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.

  • CVE-2021-30470May 26, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.

  • CVE-2021-30469May 26, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.

  • CVE-2019-20093Dec 30, 2019
    risk 0.00cvss epss 0.01

    The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.

  • CVE-2019-10723Apr 3, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.

  • CVE-2019-9687Mar 11, 2019
    risk 0.00cvss epss 0.02

    PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.

  • CVE-2018-20797Feb 27, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.

  • CVE-2019-9199Feb 26, 2019
    risk 0.00cvss epss 0.03

    PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or…

  • CVE-2018-20751Feb 4, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this…

  • CVE-2018-19532Nov 26, 2018
    risk 0.00cvss epss 0.02

    A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.

Page 2 of 2