Vendor CVEs
Podofo Project
All CVEs
64 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-2241 | 0.00 | — | 0.00 | Apr 22, 2023 | A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has… | |||
| CVE-2020-18972 | 0.00 | — | 0.01 | Aug 25, 2021 | Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | |||
| CVE-2020-18971 | 0.00 | — | 0.01 | Aug 25, 2021 | Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. | |||
| CVE-2021-30472 | 0.00 | — | 0.01 | May 26, 2021 | A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value. | |||
| CVE-2021-30471 | 0.00 | — | 0.01 | May 26, 2021 | A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. | |||
| CVE-2021-30470 | 0.00 | — | 0.01 | May 26, 2021 | A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. | |||
| CVE-2021-30469 | 0.00 | — | 0.01 | May 26, 2021 | A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. | |||
| CVE-2019-20093 | 0.00 | — | 0.01 | Dec 30, 2019 | The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. | |||
| CVE-2019-10723 | 0.00 | — | 0.01 | Apr 3, 2019 | An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. | |||
| CVE-2019-9687 | 0.00 | — | 0.02 | Mar 11, 2019 | PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. | |||
| CVE-2018-20797 | 0.00 | — | 0.01 | Feb 27, 2019 | An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp. | |||
| CVE-2019-9199 | 0.00 | — | 0.03 | Feb 26, 2019 | PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or… | |||
| CVE-2018-20751 | 0.00 | — | 0.02 | Feb 4, 2019 | An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this… | |||
| CVE-2018-19532 | 0.00 | — | 0.02 | Nov 26, 2018 | A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. |
- CVE-2023-2241Apr 22, 2023risk 0.00cvss —epss 0.00
A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has…
- CVE-2020-18972Aug 25, 2021risk 0.00cvss —epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.
- CVE-2020-18971Aug 25, 2021risk 0.00cvss —epss 0.01
Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.
- CVE-2021-30472May 26, 2021risk 0.00cvss —epss 0.01
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
- CVE-2021-30471May 26, 2021risk 0.00cvss —epss 0.01
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
- CVE-2021-30470May 26, 2021risk 0.00cvss —epss 0.01
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
- CVE-2021-30469May 26, 2021risk 0.00cvss —epss 0.01
A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
- CVE-2019-20093Dec 30, 2019risk 0.00cvss —epss 0.01
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.
- CVE-2019-10723Apr 3, 2019risk 0.00cvss —epss 0.01
An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.
- CVE-2019-9687Mar 11, 2019risk 0.00cvss —epss 0.02
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
- CVE-2018-20797Feb 27, 2019risk 0.00cvss —epss 0.01
An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.
- CVE-2019-9199Feb 26, 2019risk 0.00cvss —epss 0.03
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or…
- CVE-2018-20751Feb 4, 2019risk 0.00cvss —epss 0.02
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this…
- CVE-2018-19532Nov 26, 2018risk 0.00cvss —epss 0.02
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.
Page 2 of 2