podofo

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A C++ library to work with the PDF file format
Version 0.10.4-2 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-1427 0.9.7-1 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-30472 AVG-1427 Medium No Arbitrary code execution 
A security issue was found in PoDoFo. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of...
CVE-2021-30471 AVG-1427 Low No Denial of service 
A security issue was found in PoDoFo. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead...
CVE-2021-30470 AVG-1427 Medium No Denial of service 
A security issue was found in PoDoFo. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and...
CVE-2021-30469 AVG-1427 Medium No Arbitrary code execution 
A security issue was found in PoDoFo. A use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
CVE-2020-18972 AVG-1427 Medium Yes Information disclosure 
Exposure of sensitive information to an unauthorized actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the...
CVE-2020-18971 AVG-1427 Low Yes Denial of service 
A stack-based buffer overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.
CVE-2019-20093 AVG-1427 Low No Denial of service 
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference)...
CVE-2019-10723 AVG-1427 Low No Denial of service 
An issue was discovered in PoDoFo. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because...
CVE-2018-20797 AVG-1427 Low No Denial of service 
An issue was discovered in PoDoFo. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called...
CVE-2018-12983 AVG-1427 Low No Denial of service 
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo could be leveraged by remote attackers...
CVE-2018-8002 AVG-1427 Low No Denial of service 
In PoDoFo, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow....

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1426 0.9.5-2 0.9.6-1 Medium Fixed
AVG-867 0.9.6-3 0.9.7-1 Medium Fixed FS#61651
AVG-216 0.9.5-2 0.9.6-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2019-9687 AVG-867 Medium No Arbitrary code execution 
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. The issue is fixed in PoDoFo version 0.9.7.
CVE-2019-9199 AVG-867 Low No Denial of service 
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by...
CVE-2018-20751 AVG-867 Low No Denial of service 
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be...
CVE-2018-19532 AVG-867 Low No Denial of service 
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the...
CVE-2018-14320 AVG-867 Medium No Arbitrary code execution 
This vulnerability in PoDoFo 0.9.6 allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is...
CVE-2018-12982 AVG-867 Low No Denial of service 
An invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have...
CVE-2018-11256 AVG-867 Low No Denial of service 
An issue was discovered in PoDoFo 0.9.6. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of...
CVE-2018-11255 AVG-867 Low No Denial of service 
An issue was discovered in PoDoFo 0.9.6. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of...
CVE-2018-11254 AVG-867 Low No Denial of service 
An issue was discovered in PoDoFo 0.9.6. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers...
CVE-2018-8001 AVG-1426 Medium No Information disclosure 
In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this...
CVE-2018-8000 AVG-1426 Medium No Arbitrary code execution 
In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to...
CVE-2018-6352 AVG-1426 Low No Denial of service 
In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this...
CVE-2018-5783 AVG-867 Low No Denial of service 
In PoDoFo 0.9.6, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could...
CVE-2018-5309 AVG-1426 Low No Denial of service 
In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp)....
CVE-2018-5308 AVG-1426 Medium No Arbitrary code execution 
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could...
CVE-2018-5296 AVG-1426 Low No Denial of service 
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could...
CVE-2018-5295 AVG-1426 Low No Denial of service 
In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers...
CVE-2017-8054 AVG-867 Low No Denial of service 
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (infinite...
CVE-2017-8053 AVG-1426 Low No Denial of service 
PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).
CVE-2017-7994 AVG-216 High Yes Denial of service 
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer...
CVE-2017-7383 AVG-216 High Yes Denial of service 
The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via...
CVE-2017-7382 AVG-216 High Yes Denial of service 
The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via...
CVE-2017-7381 AVG-216 High Yes Denial of service 
The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a...
CVE-2017-7380 AVG-216 High Yes Denial of service 
The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a...
CVE-2017-7379 AVG-216 High Yes Denial of service 
The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service...
CVE-2017-7378 AVG-216 High Yes Denial of service 
The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer...
CVE-2017-6849 AVG-1426 Low No Denial of service 
The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer...
CVE-2017-6846 AVG-1426 Low No Denial of service 
The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of...
CVE-2017-6845 AVG-1426 Low No Denial of service 
The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via...
CVE-2017-6842 AVG-216 Medium Yes Denial of service 
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer...
CVE-2017-6841 AVG-216 Medium Yes Denial of service 
The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of...
CVE-2017-6840 AVG-216 Medium Yes Denial of service 
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a...
CVE-2017-5886 AVG-1426 Medium No Arbitrary code execution 
Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.5 allows remote attackers to have...

Advisories

Date Advisory Group Severity Type
20 Jan 2021 ASA-202101-36 AVG-867 Medium multiple issues