cvebase

Debian Libpodofo vulnerabilities

50 known vulnerabilities affecting debian/libpodofo.

Total CVEs: 50
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 7, MEDIUM 26, LOW 14

Vulnerabilities

Page 1 of 3
CVE-2018-8002 | P3 | HIGH | CVSS 8.8 | PoC | fixed in libpodofo 0.9.8+dfsg-1 (bookworm) | 2018
CVE-2018-8002 [HIGH] libpodofo - In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. Scope: local. bookworm: resolved (fixed in 0.9.8+dfsg-1); bullseye: o
debian
CVE-2019-9687 | P3 | CRITICAL | CVSS 9.8 | fixed in libpodofo 0.9.6+dfsg-5 (bookworm) | 2019
CVE-2019-9687 [CRITICAL] libpodofo - PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. Scope: local. bookworm: resolved (fixed in 0.9.6+dfsg-5); bullseye: resolved (fixed in 0.9.6+dfsg-5); forky: resolved (fixed in 0.9.6+dfsg-5); sid: resolved (fixed in 0.9.6+dfsg-5); trixie: resolved (fixed in 0.9.6+dfsg-5)
debian
CVE-2015-8981 | P3 | CRITICAL | CVSS 9.8 | fixed in libpodofo 0.9.4-1 (bookworm) | 2015
CVE-2015-8981 [CRITICAL] libpodofo - Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size. Scope: local. bookworm: resolved (fixed in 0.9.4-1); bullseye: resolved (fixed in 0.9.4-1); forky: resolved (fixed in 0.9.4-1); sid: resolved (fixed in 0.9.4-1); trixie: resolved (f
debian
CVE-2017-8378 | P3 | CRITICAL | CVSS 9.8 | fixed in libpodofo 0.9.5-9 (bookworm) | 2017
CVE-2017-8378 [CRITICAL] libpodofo - Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size. Scope: local. bookworm: resolved (fixed in 0.9.5-9); bullseye: resolved (fixed in 0.9.5-9); forky: resolved (
debian
CVE-2019-9199 | P3 | LOW | CVSS 8.8 | fixed in libpodofo 0.9.6+dfsg-5 (bookworm) | 2019
CVE-2019-9199 [HIGH] libpodofo - PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Scope: local. bookworm: resolved (fixed in 0.9.6+df
debian
CVE-2018-20751 | P3 | HIGH | CVSS 8.8 | fixed in libpodofo 0.9.6+dfsg-4 (bookworm) | 2018
CVE-2018-20751 [HIGH] libpodofo - An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference. Scope: local. bookworm: resolved (fi
debian
CVE-2017-5886 | P3 | HIGH | CVSS 7.8 | fixed in libpodofo 0.9.4-5 (bookworm) | 2017
CVE-2017-5886 [HIGH] libpodofo - Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. Scope: local. bookworm: resolved (fixed in 0.9.4-5); bullseye: resolved (fixed in 0.9.4-5); forky: resolved (fixed in 0.9.4-5); sid: resolved (fixed in 0.9.4-5); trixie: resolved (fixed in
debian
CVE-2018-19532 | P3 | LOW | CVSS 8.8 | fixed in libpodofo 0.9.6+dfsg-4 (bookworm) | 2018
CVE-2018-19532 [HIGH] libpodofo - A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. Scope: local. bookworm: resolved (fixed in 0.9.6+dfsg-4); bullseye: resolved (fixed in 0.9.6+dfsg-4); forky: resolved (fixed i
debian
CVE-2017-8787 | P3 | HIGH | CVSS 8.8 | fixed in libpodofo 0.9.5-7 (bookworm) | 2017
CVE-2017-8787 [HIGH] libpodofo - The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file. Scope: local. bookworm: resolved (fixed in 0.9.5-7); bullseye: resolved (fixed in 0.9.5-7); fork
debian
CVE-2017-6843 | P3 | HIGH | CVSS 7.8 | fixed in libpodofo 0.9.4-6 (bookworm) | 2017
CVE-2017-6843 [HIGH] libpodofo - Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. Scope: local. bookworm: resolved (fixed in 0.9.4-6); bullseye: resolved (fixed in 0.9.4-6); forky: resolved (fixed in 0.9.4-6); sid: resolved (fixed in 0.9.4-6); trixie: resolved (fixed in 0.9.4-
debian
CVE-2018-14320 | P3 | MEDIUM | CVSS 6.5 | fixed in libpodofo 0.9.6+dfsg-4 (bookworm) | 2018
CVE-2018-14320 [MEDIUM] libpodofo - This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of
debian
CVE-2017-6844 | P4 | HIGH | CVSS 7.8 | fixed in libpodofo 0.9.4-5 (bookworm) | 2017
CVE-2017-6844 [HIGH] libpodofo - Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. Scope: local. bookworm: resolved (fixed in 0.9.4-5); bullseye: resolved (fixed in 0.9.4-5); forky: resolved (fixed in 0.9.4-5); sid: resolved (fixed in 0.9.4-5); trixie: resolved (fixed in 0.9.4-5)
debian
CVE-2017-5853 | P4 | HIGH | CVSS 7.8 | fixed in libpodofo 0.9.4-5 (bookworm) | 2017
CVE-2017-5853 [HIGH] libpodofo - Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. Scope: local. bookworm: resolved (fixed in 0.9.4-5); bullseye: resolved (fixed in 0.9.4-5); forky: resolved (fixed in 0.9.4-5); sid: resolved (fixed in 0.9.4-5); trixie: resolved (fixed in 0.9.4-5)
debian
CVE-2018-8001 | P4 | LOW | CVSS 7.8 | fixed in libpodofo 0.9.6+dfsg-3 (bookworm) | 2018
CVE-2018-8001 [HIGH] libpodofo - In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. Scope: local. bookworm: resolved (fixed in 0.9.6+dfsg-3); bullseye: resolved (fixed in 0.9.6+dfsg-3); forky: resolved (fix
debian
CVE-2018-5308 | P4 | LOW | CVSS 7.8 | fixed in libpodofo 0.9.5-9 (bookworm) | 2018
CVE-2018-5308 [HIGH] libpodofo - PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. Scope: local. bookworm: resolved (fixed in 0.9.5-9); bullseye: resolved (fixed in 0.9.5-9); forky: r
debian
CVE-2018-12983 | P4 | LOW | CVSS 7.8 | fixed in libpodofo 0.9.8+dfsg-2 (bookworm) | 2018
CVE-2018-12983 [HIGH] libpodofo - A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. Scope: local. bookworm: resolved (fixed in 0.9.8+dfsg-2); bullseye: open; forky: resolved (fixed in 0.9.8+dfsg-2); sid: resolved (fixed in 0.9.8+dfsg-2
debian
CVE-2017-7994 | P4 | MEDIUM | CVSS 6.5 | fixed in libpodofo 0.9.5-7 (bookworm) | 2017
CVE-2017-7994 [MEDIUM] libpodofo - The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Scope: local. bookworm: resolved (fixed in 0.9.5-7); bullseye: resolved (fixed in 0.9.5-7); forky: resolved (fixed in 0.9.5-7); sid: resolved (fixed in 0.9.5-7)
debian
CVE-2018-11256 | P4 | LOW | CVSS 6.5 | fixed in libpodofo 0.9.6+dfsg-4 (bookworm) | 2018
CVE-2018-11256 [MEDIUM] libpodofo - An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Scope: local. bookworm: resolved (fixed in 0.9.6+dfsg-4); bullseye: resolved (fixed in 0.9.6+dfsg-4); forky: resolved (fixed i
debian
CVE-2021-30470 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.8+dfsg-1 (bookworm) | 2021
CVE-2021-30470 [MEDIUM] libpodofo - A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. Scope: local. bookworm: resolved (fixed in 0.9.8+dfsg-1); bullseye: open; forky: resolved (fixed in 0.9.8+dfsg-1); sid: resolved (fixed in 0.9.8+dfsg-1); trixie: resol
debian
CVE-2021-30471 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.8+dfsg-1 (bookworm) | 2021
CVE-2021-30471 [MEDIUM] libpodofo - A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. Scope: local. bookworm: resolved (fixed in 0.9.8+dfsg-1); bullseye: open; forky: resolved (fixed in 0.9.8+dfsg-1); sid: resolved (fixed in 0.9.8+dfsg-1); trixie: resolved (fixed in 0.9.8+dfsg-1)
debian