Podofo Project

podofo_project

63 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Podofo

podofo

63 CVEs

CVEs (63)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-19532 1Podofo Project 1Podofo Nov 21, 2024 Nov 26, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to ca...Show more A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.Show less
CVE-2018-14320 1Podofo Project 1Podofo Nov 21, 2024 Sep 17, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...Show more This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673.Show less
CVE-2018-12983 1Podofo Project 1Podofo Nov 21, 2024 Jun 29, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.
CVE-2018-12982 1Podofo Project 1Podofo Nov 21, 2024 Jun 29, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.
CVE-2018-11256 1Podofo Project 1Podofo Nov 21, 2024 May 18, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a c...Show more An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.Show less
CVE-2018-11255 1Podofo Project 1Podofo Nov 21, 2024 May 18, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a cr...Show more An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.Show less
CVE-2018-11254 1Podofo Project 1Podofo Nov 21, 2024 May 18, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service th...Show more An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.Show less
CVE-2018-8002 1Podofo Project 1Podofo Nov 21, 2024 Mar 9, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause...Show more In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.Show less
CVE-2018-8001 1Podofo Project 1Podofo Nov 21, 2024 Mar 9, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other im...Show more In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.Show less
CVE-2018-8000 1Podofo Project 1Podofo Nov 21, 2024 Mar 9, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability t...Show more In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted pdf file.Show less
CVE-2018-6352 1Podofo Project 1Podofo Nov 21, 2024 Jan 27, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf...Show more In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.Show less
CVE-2018-5783 1Podofo Project 1Podofo Nov 21, 2024 Jan 19, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a cra...Show more In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.Show less
CVE-2018-5309 1Podofo Project 1Podofo Nov 21, 2024 Jan 9, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denia...Show more In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.Show less
CVE-2018-5308 1Podofo Project 1Podofo Nov 21, 2024 Jan 9, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibl...Show more PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.Show less
CVE-2018-5296 1Podofo Project 1Podofo Nov 21, 2024 Jan 8, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafte...Show more In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.Show less
CVE-2018-5295 1Podofo Project 1Podofo Nov 21, 2024 Jan 8, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service v...Show more In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.Show less
CVE-2017-8787 1Podofo Project 1Podofo May 13, 2026 May 5, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly...Show more The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.Show less
CVE-2017-8378 1Podofo Project 1Podofo May 13, 2026 May 1, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact v...Show more Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.Show less
CVE-2017-8054 1Podofo Project 1Podofo May 13, 2026 Apr 22, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.
CVE-2017-8053 1Podofo Project 1Podofo May 13, 2026 Apr 22, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).

Previous 123 4 Next