CVE-2018-14320Improper Restriction of Operations within the Bounds of a Memory Buffer in Podofo

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 34.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian LibpodofoPodofo Podofo
Timeline
PublishedSep 17
Latest updateMay 13

Description

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerab

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

debiandebian/libpodofo< libpodofo 0.9.6+dfsg-4 (bookworm)
CVEListV5podofo/podofo_podofo0.9.5

🔴Vulnerability Details

2
GHSA
GHSA-v265-h4r2-3fhj: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo2022-05-13
OSV
CVE-2018-14320: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo2018-09-17

📋Vendor Advisories

1
Debian
CVE-2018-14320: libpodofo - This vulnerability allows remote attackers to disclose sensitive information on ...2018

💬Community

3
Bugzilla
CVE-2018-14320 podofo: Lack of proper validation of user supplied data can result in information disclosure [fedora-all]2018-09-20
Bugzilla
CVE-2018-14320 podofo: Lack of proper validation of user supplied data can result in information disclosure [epel-all]2018-09-20
Bugzilla
CVE-2018-14320 podofo: Lack of proper validation of user supplied data can result in information disclosure2018-09-20