CVE-2020-18971Out-of-bounds Write in Project Podofo

CWE-787Out-of-bounds Write6 documents5 sources
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.1%
top 70.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian LibpodofoPodofo Project Podofo
Timeline
PublishedAug 25
Latest updateJan 20

Description

Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

debiandebian/libpodofo< libpodofo 0.9.8+dfsg-1 (bookworm)

🔴Vulnerability Details

3
OSV
libpodofo vulnerabilities2025-01-20
GHSA
GHSA-xrmq-h6xp-2vgc: Stack-based Buffer Overflow in PoDoFo v02022-05-24
OSV
CVE-2020-18971: Stack-based Buffer Overflow in PoDoFo v02021-08-25

📋Vendor Advisories

2
Ubuntu
PoDoFo library vulnerabilities2025-01-20
Debian
CVE-2020-18971: libpodofo - Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial ...2020
CVE-2020-18971 — Out-of-bounds Write in Project Podofo | cvebase