CVE-2021-30469Use After Free in Project Podofo

CWE-416Use After Free4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 62.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Podofo Project PodofoFedoraproject FedoraRedhat Enterprise Linux+1 more
Timeline
PublishedMay 26
Latest updateMay 24

Description

A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5podofo_project/podofoPoDoFo 0.9.7

Also affects: Fedora 33, Enterprise Linux 7.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-6955-6c83-2jr3: A flaw was found in PoDoFo 02022-05-24
OSV
CVE-2021-30469: A flaw was found in PoDoFo 02021-05-26

📋Vendor Advisories

1
Debian
CVE-2021-30469: libpodofo - A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Cl...2021
CVE-2021-30469 — Use After Free in Project Podofo | cvebase