CVE-2023-2241 – PoDoFo PdfXRefStreamParserObject.cpp readXRefStreamEntry heap-based overflow

https://notcve.org/view.php?id=CVE-2023-2241

A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778 https://github.com/podofo/podofo/files/11260976/poc-file.zip https://github.com/podofo/podofo/issues/69 https://vuldb.com/?ctiid.227226 https://vuldb.com/?id.227226 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •