CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-2241 – PoDoFo PdfXRefStreamParserObject.cpp readXRefStreamEntry heap-based overflow
https://notcve.org/view.php?id=CVE-2023-2241
A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778 https://github.com/podofo/podofo/files/11260976/poc-file.zip https://github.com/podofo/podofo/issues/69 https://vuldb.com/?ctiid.227226 https://vuldb.com/?id.227226 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18972
https://notcve.org/view.php?id=CVE-2020-18972
Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. Una Exposición de Información Confidencial a un Actor no Autorizado en PoDoFo versión v0.9.6, permite a atacantes conseguir información confidencial por medio de "IsNextToken" en el componente "src/base/PdfToenizer.cpp". • https://sourceforge.net/p/podofo/tickets/49 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18971
https://notcve.org/view.php?id=CVE-2020-18971
Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. Un desbordamiento del búfer en la región stack de la memoria en PoDoFo versión v0.9.6, permite a atacantes causar una denegación de servicio por medio del componente "src/base/PdfDictionary.cpp:65". • https://sourceforge.net/p/podofo/tickets/48 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-30472
https://notcve.org/view.php?id=CVE-2021-30472
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value. Se encontró un fallo en PoDoFo versión 0.9.7. Un desbordamiento de búfer en la región stack de la memoria en la función PdfEncryptMD5Base::ComputeOwnerKey en el archivo PdfEncrypt.cpp es posible debido a una comprobación inapropiada del valor keyLength • https://bugzilla.redhat.com/show_bug.cgi?id=1947458 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-30471
https://notcve.org/view.php?id=CVE-2021-30471
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. Se encontró un fallo en PoDoFo versión 0.9.7. Una llamada recursiva no controlada en la función PdfNamesTree::AddToDictionary en el archivo src/podofo/doc/PdfNamesTree.cpp puede conllevar a un desbordamiento de pila • https://bugzilla.redhat.com/show_bug.cgi?id=1947441 • CWE-674: Uncontrolled Recursion •