CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31555
https://notcve.org/view.php?id=CVE-2023-31555
10 May 2023 — podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad. • https://github.com/podofo/podofo/issues/67 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31556
https://notcve.org/view.php?id=CVE-2023-31556
10 May 2023 — podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent. • https://github.com/podofo/podofo/issues/66 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31566 – Gentoo Linux Security Advisory 202405-33
https://notcve.org/view.php?id=CVE-2023-31566
10 May 2023 — Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). Multiple vulnerabilities have been discovered in PoDoFo, the worst of which could lead to code execution. Versions greater than or equal to 0.10.1 are affected. • https://github.com/podofo/podofo/issues/70 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31567 – Gentoo Linux Security Advisory 202405-33
https://notcve.org/view.php?id=CVE-2023-31567
10 May 2023 — Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. Multiple vulnerabilities have been discovered in PoDoFo, the worst of which could lead to code execution. Versions greater than or equal to 0.10.1 are affected. • https://github.com/podofo/podofo/issues/71 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31568
https://notcve.org/view.php?id=CVE-2023-31568
10 May 2023 — Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4. • https://github.com/podofo/podofo/issues/72 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-2241 – PoDoFo PdfXRefStreamParserObject.cpp readXRefStreamEntry heap-based overflow
https://notcve.org/view.php?id=CVE-2023-2241
22 Apr 2023 — A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18972
https://notcve.org/view.php?id=CVE-2020-18972
25 Aug 2021 — Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. Una Exposición de Información Confidencial a un Actor no Autorizado en PoDoFo versión v0.9.6, permite a atacantes conseguir información confidencial por medio de "IsNextToken" en el componente "src/base/PdfToenizer.cpp". • https://sourceforge.net/p/podofo/tickets/49 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18971
https://notcve.org/view.php?id=CVE-2020-18971
25 Aug 2021 — Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. Un desbordamiento del búfer en la región stack de la memoria en PoDoFo versión v0.9.6, permite a atacantes causar una denegación de servicio por medio del componente "src/base/PdfDictionary.cpp:65". • https://sourceforge.net/p/podofo/tickets/48 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-30472
https://notcve.org/view.php?id=CVE-2021-30472
26 May 2021 — A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value. Se encontró un fallo en PoDoFo versión 0.9.7. Un desbordamiento de búfer en la región stack de la memoria en la función PdfEncryptMD5Base::ComputeOwnerKey en el archivo PdfEncrypt.cpp es posible debido a una comprobación inapropiada del valor keyLength • https://bugzilla.redhat.com/show_bug.cgi?id=1947458 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-30471
https://notcve.org/view.php?id=CVE-2021-30471
26 May 2021 — A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. Se encontró un fallo en PoDoFo versión 0.9.7. Una llamada recursiva no controlada en la función PdfNamesTree::AddToDictionary en el archivo src/podofo/doc/PdfNamesTree.cpp puede conllevar a un desbordamiento de pila • https://bugzilla.redhat.com/show_bug.cgi?id=1947441 • CWE-674: Uncontrolled Recursion •