CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31555
https://notcve.org/view.php?id=CVE-2023-31555
10 May 2023 — podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad. • https://github.com/podofo/podofo/issues/67 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31556
https://notcve.org/view.php?id=CVE-2023-31556
10 May 2023 — podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent. • https://github.com/podofo/podofo/issues/66 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31566 – Gentoo Linux Security Advisory 202405-33
https://notcve.org/view.php?id=CVE-2023-31566
10 May 2023 — Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). Multiple vulnerabilities have been discovered in PoDoFo, the worst of which could lead to code execution. Versions greater than or equal to 0.10.1 are affected. • https://github.com/podofo/podofo/issues/70 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31567 – Gentoo Linux Security Advisory 202405-33
https://notcve.org/view.php?id=CVE-2023-31567
10 May 2023 — Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. Multiple vulnerabilities have been discovered in PoDoFo, the worst of which could lead to code execution. Versions greater than or equal to 0.10.1 are affected. • https://github.com/podofo/podofo/issues/71 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31568
https://notcve.org/view.php?id=CVE-2023-31568
10 May 2023 — Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4. • https://github.com/podofo/podofo/issues/72 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-2241 – PoDoFo PdfXRefStreamParserObject.cpp readXRefStreamEntry heap-based overflow
https://notcve.org/view.php?id=CVE-2023-2241
22 Apr 2023 — A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •