CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-30471
https://notcve.org/view.php?id=CVE-2021-30471
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. Se encontró un fallo en PoDoFo versión 0.9.7. Una llamada recursiva no controlada en la función PdfNamesTree::AddToDictionary en el archivo src/podofo/doc/PdfNamesTree.cpp puede conllevar a un desbordamiento de pila • https://bugzilla.redhat.com/show_bug.cgi?id=1947441 • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-30470
https://notcve.org/view.php?id=CVE-2021-30470
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. Se encontró un fallo en PoDoFo versión 0.9.7. Una llamada recursiva no controlada entre las funciones PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() y PdfTokenizer::ReadDataType() puede conllevar a un desbordamiento de pila • https://bugzilla.redhat.com/show_bug.cgi?id=1947436 • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-30469
https://notcve.org/view.php?id=CVE-2021-30469
A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. Se encontró un fallo en PoDoFo versión 0.9.7. Un uso de la memoria previamente liberada en la función PoDoFo::PdfVecObjects::Clear() puede causar una denegación de servicio por medio de un archivo PDF diseñado • https://bugzilla.redhat.com/show_bug.cgi?id=1947433 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-25014 – libwebp: use of uninitialized value in ReadSymbol()
https://notcve.org/view.php?id=CVE-2018-25014
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). Se encontró un uso de valor no inicializado en libwebp en versiones anteriores a la 1.0.1 en ReadSymbol() A flaw was found in libwebp. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496 https://bugzilla.redhat.com/show_bug.cgi?id=1956927 https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52 https://access.redhat.com/security/cve/CVE-2018-25014 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-25011 – libwebp: heap-based buffer overflow in PutLE16()
https://notcve.org/view.php?id=CVE-2018-25011
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). Se encontró un desbordamiento de búfer basado en la pila en libwebp en versiones anteriores a la 1.0.1 en PutLE16() A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119 https://bugzilla.redhat.com/show_bug.cgi?id=1956919 https://chromium.googlesource.com/webm/libwebp/+/v1.0.1 https://chromium.googlesource.com/webm/libwebp/+log/be738c6d396fa5a272c1b209be4379a7532debfe..29fb8562c60b5a919a75d904ff7366af423f8ab9?pretty=fuller&n=10000 https://access.redhat.com/security/cve/CVE-2018-25011 • CWE-787: Out-of-bounds Write •