CVE-2019-9199 — NULL Pointer Dereference in Project Podofo

CWE-476 — NULL Pointer Dereference7 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 36.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libpodofo Fedoraproject Fedora Podofo Project Podofo

Timeline

PublishedFeb 26

Latest updateMay 14

Description

PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶debiandebian/libpodofo< libpodofo 0.9.6+dfsg-5 (bookworm)

▶NVDpodofo_project/podofo0.9.6

Also affects: Fedora 29, 30

🔴Vulnerability Details

GHSA

GHSA-2pr3-qrhm-jm7j: PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator↗2022-05-14

▶

OSV

CVE-2019-9199: PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator↗2019-02-26

▶

📋Vendor Advisories

Debian

CVE-2019-9199: libpodofo - PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 ...↗2019

▶

💬Community

Bugzilla

CVE-2019-9199 podofo: Null pointer dereference in function PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp [epel-all]↗2019-02-27

▶

Bugzilla

CVE-2019-9199 podofo: Null pointer dereference in function PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp↗2019-02-27

▶

Bugzilla

CVE-2019-9199 podofo: Null pointer dereference in function PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp [fedora-all]↗2019-02-27

▶