CVE-2019-9199 log

Source
Severity Low
Remote No
Type Denial of service
Description
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. The issue is fixed in PoDoFo version 0.9.7.
Group Package Affected Fixed Severity Status Ticket
AVG-867 podofo 0.9.6-3 0.9.7-1 Medium Testing FS#61651
References
https://research.loginsoft.com/vulnerability/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/
https://sourceforge.net/p/podofo/tickets/40/
https://sourceforge.net/p/podofo/code/1971/