Podofo Project

podofo_project

63 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Podofo

podofo

63 CVEs

CVEs (63)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-46205 1Podofo Project 1Podofo Oct 27, 2025 Oct 1, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplying a crafted PDF file. NOTE: this is disputed by the Supplier...Show more A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue.Show less
CVE-2025-9394 1Podofo Project 1Podofo Apr 29, 2026 Aug 24, 2025 1.9 LOW· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can l...Show more A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called 22d16cb142f293bf956f66a4d399cdd65576d36c. A patch should be applied to remediate this issue.Show less
CVE-2023-31568 1Podofo Project 1Podofo Jan 27, 2025 May 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.
CVE-2023-31567 1Podofo Project 1Podofo Jan 27, 2025 May 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.
CVE-2023-31566 1Podofo Project 1Podofo Jan 27, 2025 May 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
CVE-2023-31556 1Podofo Project 1Podofo Jan 27, 2025 May 10, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent.
CVE-2023-31555 1Podofo Project 1Podofo Jan 27, 2025 May 10, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.
CVE-2023-2241 1Podofo Project 1Podofo Feb 4, 2025 Apr 22, 2023 N/A· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow....Show more A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.Show less
CVE-2020-18972 1Podofo Project 1Podofo Nov 21, 2024 Aug 25, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.
CVE-2020-18971 1Podofo Project 1Podofo Nov 21, 2024 Aug 25, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.
CVE-2021-30472 1Podofo Project 1Podofo Nov 21, 2024 May 26, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
CVE-2021-30471 3Fedoraproject Podofo ProjectRedhat 3Enterprise Linux FedoraPodofo Nov 21, 2024 May 26, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
CVE-2021-30470 3Fedoraproject Podofo ProjectRedhat 3Enterprise Linux FedoraPodofo Nov 21, 2024 May 26, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
CVE-2021-30469 3Fedoraproject Podofo ProjectRedhat 3Enterprise Linux FedoraPodofo Nov 21, 2024 May 26, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
CVE-2019-20093 2Fedoraproject Podofo Project 2Fedora Podofo Nov 21, 2024 Dec 30, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.
CVE-2019-10723 1Podofo Project 1Podofo Nov 21, 2024 Apr 3, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.
CVE-2019-9687 2Fedoraproject Podofo Project 2Fedora Podofo Nov 21, 2024 Mar 11, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
CVE-2018-20797 1Podofo Project 1Podofo Nov 21, 2024 Feb 27, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in bas...Show more An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.Show less
CVE-2019-9199 2Fedoraproject Podofo Project 2Fedora Podofo Nov 21, 2024 Feb 26, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an at...Show more PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.Show less
CVE-2018-20751 1Podofo Project 1Podofo Nov 21, 2024 Feb 4, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for th...Show more An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.Show less

12 3 4 Next