CVE-2019-20093
Published 2019-12-30
Priority: P4 · 18 · medium · 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 1.36% (68.4th percentile)
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libpodofo | < libpodofo 0.9.8+dfsg-2 (bookworm) | libpodofo 0.9.8+dfsg-2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| podofo_project | podofo | — | — |
CVSS provenance
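| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | MEDIUM | — |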
GHSA
GHSA-9h85-988j-4f98: The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant
ghsa_unreviewed·2022-05-24
CVE-2019-20093 [MEDIUM] CWE-476 GHSA-9h85-988j-4f98: The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant
OSV
CVE-2019-20093: The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant
osv·2019-12-30·CVSS 5.5
CVE-2019-20093 [MEDIUM] CVE-2019-20093: The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant
Debian
CVE-2019-20093: libpodofo - The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 all...
vendor_debian·2019·CVSS 5.5
CVE-2019-20093 [MEDIUM] CVE-2019-20093: libpodofo - The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 all...
Scope: local
bookworm: resolved (fixed in 0.9.8+dfsg-2)
bullseye: open
forky: resolved (fixed in 0.9.8+dfsg-2)
sid: resolved (fixed in 0.9.8+dfsg-2)
trixie: resolved (fixed in 0.9.8+dfsg-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-20093 podofo: NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad in PdfVariant.h [epel-6]
bugzilla·2020-01-17·CVSS 5.5
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the follo
Bugzilla
CVE-2019-20093 podofo: NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad in PdfVariant.h [epel-7]
bugzilla·2020-01-17·CVSS 5.5
Bugzilla
CVE-2019-20093 podofo: NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad in PdfVariant.h
bugzilla·2020-01-17·CVSS 5.5
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.
Reference:
https://sourceforge.net/p/podofo/tickets/75/
Discussion:
Created mingw-podofo tracking bugs for this issue:
Affects: fedora-all [bug 1792345]
Created podofo tracking bugs for this issue:
Affects: epel-6 [bug 1792347]
Affects: epel-7 [bug 1792348]
Affects: fedora-all [bug 1792346]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for s
Bugzilla
CVE-2019-20093 podofo: NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad in PdfVariant.h [fedora-all]
bugzilla·2020-01-17·CVSS 5.5
Bugzilla
CVE-2019-20093 mingw-podofo: podofo: NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad in PdfVariant.h [fedora-all]
bugzilla·2020-01-17·CVSS 5.5
Checkpoint
6th April – Threat Intelligence Report
blogs_checkpoint·2026-04-06
CVE-2026-20093 6th April – Threat Intelligence Report
## 6th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 30th March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The European Commission, the European Union’s executive body, has confirmed a data breach after its Europa.eu platform was compromised through a third-party exchange linked to the Trivy supply chain attack. The incident affected at least one Amazon Web Services account and resulted in data theft, while websites and internal sys
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTB2J5XWOEGAJYR2N66GAECUIKDG6O2S/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHFOCBZCF3GX7A6FWE3JM7P37TQWGINJ/
https://sourceforge.net/p/podofo/tickets/75/