CVE-2019-9687 — Out-of-bounds Write in Project Podofo

CWE-787 — Out-of-bounds Write8 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 34.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libpodofo Fedoraproject Fedora Podofo Project Podofo

Timeline

PublishedMar 11

Latest updateMay 13

Description

PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶debiandebian/libpodofo< libpodofo 0.9.6+dfsg-5 (bookworm)

▶NVDpodofo_project/podofo0.9.6

Also affects: Fedora 29

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-mqv4-qcv4-jr3c: PoDoFo 0↗2022-05-13

▶

OSV

CVE-2019-9687: PoDoFo 0↗2019-03-11

▶

📋Vendor Advisories

Debian

CVE-2019-9687: libpodofo - PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 i...↗2019

▶

💬Community

Bugzilla

CVE-2019-9687 podofo: heap-based buffer overflow in function PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp↗2019-03-12

▶

Bugzilla

CVE-2019-9687 podofo: heap-based buffer overflow in function PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp [epel-all]↗2019-03-12

▶

Bugzilla

CVE-2019-9687 mingw-podofo: podofo: heap-based buffer overflow in function PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp [fedora-all]↗2019-03-12

▶

Bugzilla

CVE-2019-9687 podofo: heap-based buffer overflow in function PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp [fedora-all]↗2019-03-12

▶