AVG-867

Package podofo
Status Fixed
Severity Medium
Type multiple issues
Affected 0.9.6-3
Fixed 0.9.7-1
Current 0.10.3-1 [extra]
Ticket FS#61651
Created Wed Feb 6 12:19:37 2019
Issue Severity Remote Type Description
CVE-2019-9687 Medium No Arbitrary code execution
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. The issue is fixed in PoDoFo version 0.9.7.
CVE-2019-9199 Low No Denial of service
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by...
CVE-2018-20751 Low No Denial of service
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be...
CVE-2018-19532 Low No Denial of service
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the...
CVE-2018-14320 Medium No Arbitrary code execution
This vulnerability in PoDoFo 0.9.6 allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is...
CVE-2018-12982 Low No Denial of service
An invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have...
CVE-2018-11256 Low No Denial of service
An issue was discovered in PoDoFo 0.9.6. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of...
CVE-2018-11255 Low No Denial of service
An issue was discovered in PoDoFo 0.9.6. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of...
CVE-2018-11254 Low No Denial of service
An issue was discovered in PoDoFo 0.9.6. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers...
CVE-2018-5783 Low No Denial of service
In PoDoFo 0.9.6, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could...
CVE-2017-8054 Low No Denial of service
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (infinite...
Date Advisory Package Type
20 Jan 2021 ASA-202101-36 podofo multiple issues