CVE-2018-12983 — Out-of-bounds Read in Project Podofo

CWE-125 — Out-of-bounds Read10 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 40.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libpodofo Podofo Project Podofo

Timeline

PublishedJun 29

Latest updateJan 20

Description

A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶debiandebian/libpodofo< libpodofo 0.9.8+dfsg-2 (bookworm)

▶NVDpodofo_project/podofo0.9.6

🔴Vulnerability Details

OSV

libpodofo vulnerabilities↗2025-01-20

▶

GHSA

GHSA-p22g-5jc2-vvwx: A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt↗2022-05-13

▶

OSV

CVE-2018-12983: A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt↗2018-06-29

▶

📋Vendor Advisories

Ubuntu

PoDoFo library vulnerabilities↗2025-01-20

▶

Debian

CVE-2018-12983: libpodofo - A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() ...↗2018

▶

💬Community

Bugzilla

CVE-2018-12983 podofo: stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function [epel-all]↗2018-07-02

▶

Bugzilla

CVE-2018-12983 podofo: stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function↗2018-07-02

▶

Bugzilla

CVE-2018-12983 podofo: stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function [fedora-all]↗2018-07-02

▶

Bugzilla

CVE-2018-12983 mingw-podofo: podofo: stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function [fedora-all]↗2018-07-02

▶