CVE-2018-11254 — Uncontrolled Recursion in Project Podofo

CWE-674 — Uncontrolled Recursion8 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 40.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libpodofo Podofo Project Podofo

Timeline

PublishedMay 18

Latest updateMay 13

Description

An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/libpodofo< libpodofo 0.9.6+dfsg-4 (bookworm)

▶NVDpodofo_project/podofo0.9.5

🔴Vulnerability Details

GHSA

GHSA-397j-7mpf-rm74: An issue was discovered in PoDoFo 0↗2022-05-13

▶

OSV

CVE-2018-11254: An issue was discovered in PoDoFo 0↗2018-05-18

▶

📋Vendor Advisories

Debian

CVE-2018-11254: libpodofo - An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the ...↗2018

▶

💬Community

Bugzilla

CVE-2018-11254 CVE-2018-11255 CVE-2018-11256 podofo: various flaws [fedora-all]↗2018-05-22

▶

Bugzilla

CVE-2018-11254 CVE-2018-11255 CVE-2018-11256 podofo: various flaws [epel-all]↗2018-05-22

▶

Bugzilla

CVE-2018-11254 podofo: Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp↗2018-05-22

▶

Bugzilla

CVE-2018-11254 CVE-2018-11255 CVE-2018-11256 mingw-podofo: various flaws [fedora-all]↗2018-05-22

▶