CVE-2017-7379
Published: 2017-04-03
Priority P418 · medium · 5.5 (CVSS 3.0)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 1.33% (67.7th percentile)
The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libpodofo | < libpodofo 0.9.4-5 (bookworm) | libpodofo 0.9.4-5 (bookworm) |
| podofo_project | podofo | — | — |
CVSS provenance
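| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | MEDIUM | — |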
GHSA
GHSA-cm3q-wf38-7w4w: The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding
ghsa_unreviewed·2022-05-13
CVE-2017-7379 [MEDIUM] CWE-125 GHSA-cm3q-wf38-7w4w: The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding
OSV
CVE-2017-7379: The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding
osv·2017-04-03·CVSS 5.5
CVE-2017-7379 [MEDIUM] CVE-2017-7379: The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding
Debian
CVE-2017-7379: libpodofo - The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in ...
vendor_debian·2017·CVSS 5.5
CVE-2017-7379 [MEDIUM] CVE-2017-7379: libpodofo - The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in ...
Scope: local
bookworm: resolved (fixed in 0.9.4-5)
bullseye: resolved (fixed in 0.9.4-5)
forky: resolved (fixed in 0.9.4-5)
sid: resolved (fixed in 0.9.4-5)
trixie: resolved (fixed in 0.9.4-5)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-7994 CVE-2017-8053 CVE-2017-8054 podofo: various flaws [epel-all]
bugzilla·2017-04-03·CVSS 5.5
CVE-2017-7378 [MEDIUM] CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-7994 CVE-2017-8053 CVE-2017-8054 podofo: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and t
Bugzilla
CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-7994 CVE-2017-8053 CVE-2017-8054 podofo: various flaws [fedora-all]
bugzilla·2017-04-03·CVSS 5.5
CVE-2017-7378 [MEDIUM] CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-7994 CVE-2017-8053 CVE-2017-8054 podofo: various flaws [fedora-all]
Bugzilla
CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 podofo: Multiple security issues found in 0.9.5 version [epel-all]
bugzilla·2017-04-03·CVSS 5.5
CVE-2017-7378 [MEDIUM] CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 podofo: Multiple security issues found in 0.9.5 version [epel-all]
Bugzilla
CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 podofo: Multiple security issues found in 0.9.5 version [fedora-all]
bugzilla·2017-04-03·CVSS 5.5
CVE-2017-7378 [MEDIUM] CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 podofo: Multiple security issues found in 0.9.5 version [fedora-all]
Bugzilla
CVE-2017-7383 CVE-2017-7382 CVE-2017-7381 CVE-2017-7380 CVE-2017-7379 CVE-2017-7378 podofo: Multiple security issues found in 0.9.5 version
bugzilla·2017-04-03·CVSS 5.5
CVE-2017-7383 [MEDIUM] CVE-2017-7383 CVE-2017-7382 CVE-2017-7381 CVE-2017-7380 CVE-2017-7379 CVE-2017-7378 podofo: Multiple security issues found in 0.9.5 version
Various security issues were found in podofo.
References:
http://seclists.org/oss-sec/2017/q2/2
http://seclists.org/oss-sec/2017/q2/1
http://seclists.org/oss-sec/2017/q2/0
Discussion:
Created podofo tracking bugs for this issue:
Affects: epel-all [bug 1438434]
Affects: fedora-all [bug 1438433]
---
Created podofo tracking bugs for this issue:
Affects: epel-all [bug 1438435]
Affects: fedora-all [bug 1438436]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
http://www.securityfocus.com/bid/97296
https://blogs.gentoo.org/ago/2017/03/31/podofo-heap-based-buffer-overflow-in-podofopdfsimpleencodingconverttoencoding-pdfencoding-cpp