Debian Libpodofo vulnerabilities
50 known vulnerabilities affecting debian/libpodofo.
Total CVEs: 50
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 7, MEDIUM 26, LOW 14
Vulnerabilities
Page 2 of 3
CVE-2020-18971 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.8+dfsg-1 (bookworm) | 2020
Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.
Scope: local
bookworm: resolved (fixed in 0.9.8+dfsg-1)
bullseye: open
forky: resolved (fixed in 0.9.8+dfsg-1)
sid: resolved (fixed in 0.9.8+dfsg-1)
trixie: resolved (fixed in 0.9.8+dfsg-1)
debian
CVE-2017-5854 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.5-9 (bookworm) | 2017
base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
Scope: local
bookworm: resolved (fixed in 0.9.5-9)
bullseye: resolved (fixed in 0.9.5-9)
forky: resolved (fixed in 0.9.5-9)
sid: resolved (fixed in 0.9.5-9)
trixie: resolved (fixed in 0.9.5-9)
CVE-2017-5852 | P4 | LOW | CVSS 5.5 | fixed in libpodofo 0.9.5-7 (bookworm) | 2017
CVE-2017-5852 [MEDIUM] CVE-2017-5852: libpodofo - The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp i...
The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.
Scope: local
bookworm: resolved (fixed in 0.9.5-7)
bullseye: resolved (fixed in 0.9.5-7)
forky: resolved (fixed in 0.9.5-7)
sid: resolved (fixed in 0.9.5-7)
trixie: resolved (fixed i
CVE-2019-20093 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.8+dfsg-2 (bookworm) | 2019
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.
Scope: local
bookworm: resolved (fixed in 0.9.8+dfsg-2)
bullseye: open
forky: resolved (fixed in 0.9.8+dfsg-2)
sid: resolved (fixed in 0.9.8+dfsg-2)
trixie:
CVE-2017-7378 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.4-6 (bookworm) | 2017
The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.
Scope: local
bookworm: resolved (fixed in 0.9.4-6)
bullseye: resolved (fixed in 0.9.4-6)
forky: resolved (fixed in 0.9.4-6)
sid: resolved (fixed in 0.9.4-6
CVE-2017-7379 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.4-5 (bookworm) | 2017
The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.
Scope: local
bookworm: resolved (fixed in 0.9.4-5)
bullseye: resolved (fixed in 0.9.4-5)
forky: resolved (fixed in 0.9.4-5)
sid: resolved (f
CVE-2017-6845 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.5-9 (bookworm) | 2017
The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Scope: local
bookworm: resolved (fixed in 0.9.5-9)
bullseye: resolved (fixed in 0.9.5-9)
forky: resolved (fixed in 0.9.5-9)
sid: resolved (fixed in 0.9.5-9)
trixie: resolved (fixed in 0.9.5-9)
CVE-2017-6849 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.5-9 (bookworm) | 2017
The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Scope: local
bookworm: resolved (fixed in 0.9.5-9)
bullseye: resolved (fixed in 0.9.5-9)
forky: resolved (fixed in 0.9.5-9)
sid: resolved (fixed in 0.9.5-9)
trixie: resolved (fixed in 0
CVE-2017-6846 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.5-9 (bookworm) | 2017
The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Scope: local
bookworm: resolved (fixed in 0.9.5-9)
bullseye: resolved (fixed in 0.9.5-9)
forky: resolved (fixed in 0.9.5-9)
sid: resolved (fixed in 0.9.5-9
CVE-2017-6848 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.4-6 (bookworm) | 2017
The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Scope: local
bookworm: resolved (fixed in 0.9.4-6)
bullseye: resolved (fixed in 0.9.4-6)
forky: resolved (fixed in 0.9.4-6)
sid: resolved (fixed in 0.9.4-6)
trixie: resolved (fixed in 0.9.
CVE-2018-12982 | P4 | LOW | CVSS 5.5 | fixed in libpodofo 0.9.6+dfsg-4 (bookworm) | 2018
CVE-2018-12982 [MEDIUM] CVE-2018-12982: libpodofo - Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVari...
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.
Scope: local
bookworm: resolved (fixed in 0.9.6+dfsg-4)
bullseye: resolved (fixed in 0.9.6+dfsg-4)
forky: resolved (fixed in 0.9.6+dfsg-4)
sid: resolved (fixed in 0.9.6+dfsg-4)
trix
CVE-2017-7380 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.4-6 (bookworm) | 2017
The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
Scope: local
bookworm: resolved (fixed in 0.9.4-6)
bullseye: resolved (fixed in 0.9.4-6)
forky: resolved (fixed in 0.9.4-6)
sid: resolved (fixed in 0.9.4-6)
trixie: resolved (fixed in 0.9.
CVE-2017-7381 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.4-6 (bookworm) | 2017
The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
Scope: local
bookworm: resolved (fixed in 0.9.4-6)
bullseye: resolved (fixed in 0.9.4-6)
forky: resolved (fixed in 0.9.4-6)
sid: resolved (fixed in 0.9.4-6)
trixie: resolved (fixed in 0.9.
CVE-2017-6847 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.4-6 (bookworm) | 2017
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Scope: local
bookworm: resolved (fixed in 0.9.4-6)
bullseye: resolved (fixed in 0.9.4-6)
forky: resolved (fixed in 0.9.4-6)
sid: resolved (fixed in 0.9.4-6)
trixie: resolved (fixed in 0.9.4
CVE-2017-6842 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.4-6 (bookworm) | 2017
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Scope: local
bookworm: resolved (fixed in 0.9.4-6)
bullseye: resolved (fixed in 0.9.4-6)
forky: resolved (fixed in 0.9.4-6)
sid: resolved (fixed in 0.9.4-6)
trixie: resolved (fixed in 0
CVE-2017-5855 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.4-6 (bookworm) | 2017
The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Scope: local
bookworm: resolved (fixed in 0.9.4-6)
bullseye: resolved (fixed in 0.9.4-6)
forky: resolved (fixed in 0.9.4-6)
sid: resolved (fixed in 0.9.4-6)
trixie: resolved (fixed i
CVE-2018-5295 | P4 | LOW | CVSS 5.5 | fixed in libpodofo 0.9.5-9 (bookworm) | 2018
CVE-2018-5295 [MEDIUM] CVE-2018-5295: libpodofo - In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::...
In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
Scope: local
bookworm: resolved (fixed in 0.9.5-9)
bullseye: resolved (fixed in 0.9.5-9)
forky: resolved (fixed in 0.9.5-9)
CVE-2019-10723 | P4 | LOW | CVSS 5.5 | fixed in libpodofo 0.9.8+dfsg-2 (bookworm) | 2019
CVE-2019-10723 [MEDIUM] CVE-2019-10723: libpodofo - An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfP...
An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.
Scope: local
bookworm: resolved (fixed in 0.9.8+dfsg-2)
bullseye: open
forky: resolved (fixed in 0.9.8+dfsg-2)
sid: resolved (fixed in 0.9.8+dfsg-2)
trixie: resolved (fixed in 0.9.8+
CVE-2017-7382 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.4-6 (bookworm) | 2017
The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
Scope: local
bookworm: resolved (fixed in 0.9.4-6)
bullseye: resolved (fixed in 0.9.4-6)
forky: resolved (fixed in 0.9.4-6)
sid: resolved (fixed in 0.9.4-6)
trixie: resolved (fixed in 0
CVE-2017-7383 | P4 | MEDIUM | CVSS 5.5 | fixed in libpodofo 0.9.4-6 (bookworm) | 2017
The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
Scope: local
bookworm: resolved (fixed in 0.9.4-6)
bullseye: resolved (fixed in 0.9.4-6)
forky: resolved (fixed in 0.9.4-6)
sid: resolved (fixed in 0.9.4-6)
trixie: resolved (fixed in 0