) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:podofo_project:podofo:0.9.6
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2020-18972 |
Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. Published: August 25, 2021; 12:15:08 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2020-18971 |
Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. Published: August 25, 2021; 12:15:07 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-20093 |
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. Published: December 29, 2019; 11:15:11 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-10723 |
An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. Published: April 03, 2019; 2:29:17 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-9687 |
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. Published: March 11, 2019; 12:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-20797 |
An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp. Published: February 27, 2019; 12:29:00 PM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-9199 |
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Published: February 26, 2019; 6:29:00 PM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2018-20751 |
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference. Published: February 04, 2019; 2:29:00 PM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2018-19532 |
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. Published: November 25, 2018; 9:29:00 PM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2018-12983 |
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. Published: June 29, 2018; 1:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2018-12982 |
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. Published: June 29, 2018; 1:29:00 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |