CVE-2019-10723 — Allocation of Resources Without Limits or Throttling in Project Podofo

CWE-770 — Allocation of Resources Without Limits or Throttling9 documents6 sources

Severity

5.5MEDIUMNVD

OSV7.8

EPSS

0.1%

top 75.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libpodofo Podofo Project Podofo

Timeline

PublishedApr 3

Latest updateJan 20

Description

An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/libpodofo< libpodofo 0.9.8+dfsg-2 (bookworm)

▶NVDpodofo_project/podofo0.9.6

🔴Vulnerability Details

OSV

libpodofo vulnerabilities↗2025-01-20

▶

GHSA

GHSA-89jq-v4mx-wp6f: An issue was discovered in PoDoFo 0↗2022-05-13

▶

OSV

CVE-2019-10723: An issue was discovered in PoDoFo 0↗2019-04-03

▶

📋Vendor Advisories

Ubuntu

PoDoFo library vulnerabilities↗2025-01-20

▶

Debian

CVE-2019-10723: libpodofo - An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfP...↗2019

▶

💬Community

Bugzilla

CVE-2019-10723 podofo: Memory leak in PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp [epel-all]↗2019-04-03

▶

Bugzilla

CVE-2019-10723 podofo: Memory leak in PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp [fedora-all]↗2019-04-03

▶

Bugzilla

CVE-2019-10723 podofo: Memory leak in PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp↗2019-04-03

▶