AVG-1426 log

Package podofo
Status Fixed
Severity Medium
Type multiple issues
Affected 0.9.5-2
Fixed 0.9.6-1
Current 0.10.3-1 [extra]
Ticket None
Created Sun Jan 10 09:54:00 2021
Issue Severity Remote Type Description
CVE-2018-8001 Medium No Information disclosure
In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this...
CVE-2018-8000 Medium No Arbitrary code execution
In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to...
CVE-2018-6352 Low No Denial of service
In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this...
CVE-2018-5309 Low No Denial of service
In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp)....
CVE-2018-5308 Medium No Arbitrary code execution
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could...
CVE-2018-5296 Low No Denial of service
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could...
CVE-2018-5295 Low No Denial of service
In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers...
CVE-2017-8053 Low No Denial of service
PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).
CVE-2017-6849 Low No Denial of service
The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer...
CVE-2017-6846 Low No Denial of service
The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of...
CVE-2017-6845 Low No Denial of service
The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via...
CVE-2017-5886 Medium No Arbitrary code execution
Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.5 allows remote attackers to have...