Podofoproject Podofo
By the Year
In 2024 there have been 0 vulnerabilities in Podofoproject Podofo . Last year Podofo had 6 security vulnerabilities published. Right now, Podofo is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 6 | 7.87 |
2022 | 0 | 0.00 |
2021 | 6 | 5.88 |
2020 | 0 | 0.00 |
2019 | 6 | 7.48 |
2018 | 16 | 6.68 |
It may take a day or so for new Podofo vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Podofoproject Podofo Security Vulnerabilities
podofoinfo 0.10.0 was discovered to contain a segmentation violation
CVE-2023-31555
6.5 - Medium
- May 10, 2023
podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.
podofoinfo 0.10.0 was discovered to contain a segmentation violation
CVE-2023-31556
6.5 - Medium
- May 10, 2023
podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent.
Memory Corruption
Podofo v0.10.0 was discovered to contain a heap-use-after-free
CVE-2023-31566
8.8 - High
- May 10, 2023
Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
Dangling pointer
Podofo v0.10.0 was discovered to contain a heap buffer overflow
CVE-2023-31567
8.8 - High
- May 10, 2023
Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.
Memory Corruption
Podofo v0.10.0 was discovered to contain a heap buffer overflow
CVE-2023-31568
8.8 - High
- May 10, 2023
Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.
Memory Corruption
A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0
CVE-2023-2241
7.8 - High
- April 22, 2023
A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.
Memory Corruption
Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6
CVE-2020-18972
5.5 - Medium
- August 25, 2021
Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.
Exposure of Resource to Wrong Sphere
Stack-based Buffer Overflow in PoDoFo v0.9.6
CVE-2020-18971
5.5 - Medium
- August 25, 2021
Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.
Memory Corruption
A flaw was found in PoDoFo 0.9.7
CVE-2021-30469
5.5 - Medium
- May 26, 2021
A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
Dangling pointer
A flaw was found in PoDoFo 0.9.7
CVE-2021-30470
5.5 - Medium
- May 26, 2021
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
Stack Exhaustion
A flaw was found in PoDoFo 0.9.7
CVE-2021-30471
5.5 - Medium
- May 26, 2021
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
Stack Exhaustion
A flaw was found in PoDoFo 0.9.7
CVE-2021-30472
7.8 - High
- May 26, 2021
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
Memory Corruption
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6
CVE-2019-20093
5.5 - Medium
- December 30, 2019
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.
NULL Pointer Dereference
An issue was discovered in PoDoFo 0.9.6
CVE-2019-10723
5.5 - Medium
- April 03, 2019
An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.
Allocation of Resources Without Limits or Throttling
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
CVE-2019-9687
9.8 - Critical
- March 11, 2019
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
Memory Corruption
An issue was discovered in PoDoFo 0.9.6
CVE-2018-20797
6.5 - Medium
- February 27, 2019
An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.
Buffer Overflow
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference
CVE-2019-9199
8.8 - High
- February 26, 2019
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
NULL Pointer Dereference
An issue was discovered in crop_page in PoDoFo 0.9.6
CVE-2018-20751
8.8 - High
- February 04, 2019
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.
NULL Pointer Dereference
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6
CVE-2018-19532
8.8 - High
- November 26, 2018
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.
NULL Pointer Dereference
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo
CVE-2018-14320
6.5 - Medium
- September 17, 2018
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673.
Buffer Overflow
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service
CVE-2018-12983
7.8 - High
- June 29, 2018
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.
Out-of-bounds Read
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1
CVE-2018-12982
5.5 - Medium
- June 29, 2018
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.
Buffer Overflow
An issue was discovered in PoDoFo 0.9.5
CVE-2018-11256
6.5 - Medium
- May 18, 2018
An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
NULL Pointer Dereference
An issue was discovered in PoDoFo 0.9.5
CVE-2018-11255
5.5 - Medium
- May 18, 2018
An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
NULL Pointer Dereference
An issue was discovered in PoDoFo 0.9.5
CVE-2018-11254
5.5 - Medium
- May 18, 2018
An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.
Stack Exhaustion
In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp
CVE-2018-8002
8.8 - High
- March 09, 2018
In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.
Infinite Loop
In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp
CVE-2018-8001
7.8 - High
- March 09, 2018
In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.
Out-of-bounds Read
In PoDoFo 0.9.5
CVE-2018-8000
8.8 - High
- March 09, 2018
In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted pdf file.
Memory Corruption
In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp
CVE-2018-6352
5.5 - Medium
- January 27, 2018
In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.
Resource Exhaustion
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h)
CVE-2018-5783
5.5 - Medium
- January 19, 2018
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
Allocation of Resources Without Limits or Throttling
In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjects
CVE-2018-5309
5.5 - Medium
- January 09, 2018
In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
Integer Overflow or Wraparound
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp)
CVE-2018-5308
7.8 - High
- January 09, 2018
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.
NULL Pointer Dereference
In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp)
CVE-2018-5295
5.5 - Medium
- January 08, 2018
In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
Integer Overflow or Wraparound
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp)
CVE-2018-5296
5.5 - Medium
- January 08, 2018
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
Allocation of Resources Without Limits or Throttling
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Podofoproject Podofo or by Podofoproject? Click the Watch button to subscribe.