Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2018-8000 - log back

CVE-2018-8000 edited at 10 Jan 2021 10:11:56

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Arbitrary code execution

Description

+

In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted pdf file.

References

+	https://sourceforge.net/p/podofo/tickets/13/
+	https://bugzilla.redhat.com/show_bug.cgi?id=1548918
+	https://bugzilla.redhat.com/attachment.cgi?id=1400716
+	https://sourceforge.net/p/podofo/code/1837/

Notes

CVE-2018-8000 created at 10 Jan 2021 09:54:00