CVE-2017-8053 — Infinite Loop in Project Podofo

CWE-835 — Infinite Loop7 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 42.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libpodofo Podofo Project Podofo

Timeline

PublishedApr 22

Latest updateMay 13

Description

PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/libpodofo< libpodofo 0.9.6+dfsg-3 (bookworm)

▶NVDpodofo_project/podofo0.9.5

🔴Vulnerability Details

GHSA

GHSA-p7r7-9m7f-qm95: PoDoFo 0↗2022-05-13

▶

OSV

CVE-2017-8053: PoDoFo 0↗2017-04-22

▶

📋Vendor Advisories

Debian

CVE-2017-8053: libpodofo - PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption)...↗2017

▶

💬Community

Bugzilla

CVE-2017-8378 CVE-2017-7994 CVE-2017-8053 CVE-2017-8054 CVE-2017-8787 CVE-2018-5295 CVE-2018-5296 podofo: Multiple security vulnerabilities↗2017-04-25

▶

Bugzilla

CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-7994 CVE-2017-8053 CVE-2017-8054 podofo: various flaws [epel-all]↗2017-04-03

▶

Bugzilla

CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-7994 CVE-2017-8053 CVE-2017-8054 podofo: various flaws [fedora-all]↗2017-04-03

▶