CVE-2018-6352 — Uncontrolled Resource Consumption in Project Podofo

CWE-400 — Uncontrolled Resource Consumption8 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 40.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libpodofo Podofo Project Podofo

Timeline

PublishedJan 27

Latest updateMay 14

Description

In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/libpodofo< libpodofo 0.9.6+dfsg-3 (bookworm)

▶NVDpodofo_project/podofo0.9.5

🔴Vulnerability Details

GHSA

GHSA-36h9-cqj8-x2vg: In PoDoFo 0↗2022-05-14

▶

OSV

CVE-2018-6352: In PoDoFo 0↗2018-01-27

▶

📋Vendor Advisories

Debian

CVE-2018-6352: libpodofo - In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsIn...↗2018

▶

💬Community

Bugzilla

CVE-2018-6352 podofo: Excessive iteration in PdfParser::ReadObjectsInternal function in src/base/PdfParser.cpp [epel-all]↗2018-01-29

▶

Bugzilla

CVE-2018-6352 mingw-podofo: podofo: Excessive iteration in PdfParser::ReadObjectsInternal function in src/base/PdfParser.cpp [fedora-all]↗2018-01-29

▶

Bugzilla

CVE-2018-6352 podofo: Excessive iteration in PdfParser::ReadObjectsInternal function in src/base/PdfParser.cpp [fedora-all]↗2018-01-29

▶

Bugzilla

CVE-2018-6352 podofo: Excessive iteration in PdfParser::ReadObjectsInternal function in src/base/PdfParser.cpp↗2018-01-29

▶