CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-30470 – Ubuntu Security Notice USN-7217-1
https://notcve.org/view.php?id=CVE-2021-30470
26 May 2021 — A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. Se encontró un fallo en PoDoFo versión 0.9.7. Una llamada recursiva no controlada entre las funciones PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() y PdfTokenizer::ReadDataType() puede conllevar a un desbordamiento de pila It was discovered that the PoDoFo library could dereference a NULL poi... • https://bugzilla.redhat.com/show_bug.cgi?id=1947436 • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-30469
https://notcve.org/view.php?id=CVE-2021-30469
26 May 2021 — A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. Se encontró un fallo en PoDoFo versión 0.9.7. Un uso de la memoria previamente liberada en la función PoDoFo::PdfVecObjects::Clear() puede causar una denegación de servicio por medio de un archivo PDF diseñado • https://bugzilla.redhat.com/show_bug.cgi?id=1947433 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-20093
https://notcve.org/view.php?id=CVE-2019-20093
30 Dec 2019 — The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. La función PoDoFo::PdfVariant::DelayedLoad en el archivo PdfVariant.h en PoDoFo versión 0.9.6, permite a atacantes remotos causar una denegación de servicio (desreferencia del puntero NULL) por medio de un archivo diseñado, debido al archivo ImageExtractor.cpp. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTB2J5XWOEGAJYR2N66GAECUIKDG6O2S • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10723 – Ubuntu Security Notice USN-7217-1
https://notcve.org/view.php?id=CVE-2019-10723
03 Apr 2019 — An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. Se ha descubierto un problema en PoDoFo 0.9.6. La clase PdfPagesTreeCache en doc/PdfPagesTreeCache.cpp tiene un intento de asignación de memoria excesiva porque no se valida nInitialSize. It was discovered that the PoDoFo library could dereference a NULL pointer when getting the number of pages in a PDF. • https://sourceforge.net/p/podofo/tickets/46 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-9687
https://notcve.org/view.php?id=CVE-2019-9687
11 Mar 2019 — PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. PoDoFo, en su versión 0.9.6, tiene un desbordamiento de búfer basado en memoria dinámica (heap) en PdfString::ConvertUTF16toUTF8 en base/PdfString.cpp. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20797 – Ubuntu Security Notice USN-7217-1
https://notcve.org/view.php?id=CVE-2018-20797
27 Feb 2019 — An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp. Se ha descubierto un problema en PoDoFo 0.9.6. Hay un intento de asignación de memoria excesiva en PoDoFo::podofo_calloc en base/PdfMemoryManagement.cpp cuando es llamado desde PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder en base/PdfFiltersPrivate.cpp. It was dis... • https://sourceforge.net/p/podofo/tickets/34 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2CVE-2019-9199
https://notcve.org/view.php?id=CVE-2019-9199
26 Feb 2019 — PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. PoDoFo::Impose::PdfTranslator::setSource() en pdftranslator.cpp en la versión 0.9.6 de PoDoFo tiene una vulnerabilidad de desreferencia de puntero NULL que puede desencadenarse, por ejemplo, med... • https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-20751
https://notcve.org/view.php?id=CVE-2018-20751
04 Feb 2019 — An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference. Se ha descubierto un problema en crop_page en PoDoFo 0.9.6. Para un documento PDF manipulado, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) puede dar problemas... • https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-crop_page-podofo-0-9-6 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-19532
https://notcve.org/view.php?id=CVE-2018-19532
26 Nov 2018 — A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. Una vulnerabilidad de desreferencia de puntero NULL existe en la función PdfTranslator::setTarget() en pdftranslator.cpp de PoDoFo 0.9.6, durante la creación de PdfXObject como se demuestra en podofoimpose. Permite a los atacantes remotos provocar un ataque de denegaci... • https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-pdftranslatorsettarget-podofo-0-9-6 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14320 – PoDoFo Library ParseToUnicode Memory Corruption Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-14320
13 Sep 2018 — This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to e... • https://zerodayinitiative.com/advisories/ZDI-18-1046 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •