CVE-2017-6849NULL Pointer Dereference in Project Podofo

CWE-476NULL Pointer Dereference5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 44.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian LibpodofoPodofo Project Podofo
Timeline
PublishedMar 15
Latest updateMay 17

Description

The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

debiandebian/libpodofo< libpodofo 0.9.5-9 (bookworm)

🔴Vulnerability Details

2
GHSA
GHSA-533h-qgf9-6h99: The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor2022-05-17
OSV
CVE-2017-6849: The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor2017-03-15

📋Vendor Advisories

1
Debian
CVE-2017-6849: libpodofo - The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4...2017

💬Community

1
Bugzilla
CVE-2017-5852 CVE-2017-5853 CVE-2017-5854 CVE-2015-8981 CVE-2017-5855 CVE-2017-5886 podofo: Multiple security vulnerabilities2017-02-02
CVE-2017-6849 — NULL Pointer Dereference | cvebase