cbcvebase.

Debian Libpodofo vulnerabilities

50 known vulnerabilities affecting debian/libpodofo.

Total CVEs
50
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH7MEDIUM26LOW14

Vulnerabilities

Page 2 of 3
CVE-2020-18971P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.8+dfsg-1 (bookworm)2020
CVE-2020-18971 [MEDIUM] CVE-2020-18971: libpodofo - Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial ... Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. Scope: local bookworm: resolved (fixed in 0.9.8+dfsg-1) bullseye: open forky: resolved (fixed in 0.9.8+dfsg-1) sid: resolved (fixed in 0.9.8+dfsg-1) trixie: resolved (fixed in 0.9.8+dfsg-1)
debian
CVE-2017-5854P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.5-9 (bookworm)2017
CVE-2017-5854 [MEDIUM] CVE-2017-5854: libpodofo - base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a deni... base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. Scope: local bookworm: resolved (fixed in 0.9.5-9) bullseye: resolved (fixed in 0.9.5-9) forky: resolved (fixed in 0.9.5-9) sid: resolved (fixed in 0.9.5-9) trixie: resolved (fixed in 0.9.5-9)
debian
CVE-2017-5852P4LOWCVSS 5.5fixed in libpodofo 0.9.5-7 (bookworm)2017
CVE-2017-5852 [MEDIUM] CVE-2017-5852: libpodofo - The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp i... The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file. Scope: local bookworm: resolved (fixed in 0.9.5-7) bullseye: resolved (fixed in 0.9.5-7) forky: resolved (fixed in 0.9.5-7) sid: resolved (fixed in 0.9.5-7) trixie: resolved (fixed i
debian
CVE-2019-20093P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.8+dfsg-2 (bookworm)2019
CVE-2019-20093 [MEDIUM] CVE-2019-20093: libpodofo - The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 all... The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. Scope: local bookworm: resolved (fixed in 0.9.8+dfsg-2) bullseye: open forky: resolved (fixed in 0.9.8+dfsg-2) sid: resolved (fixed in 0.9.8+dfsg-2) trixie:
debian
CVE-2017-7378P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.4-6 (bookworm)2017
CVE-2017-7378 [MEDIUM] CVE-2017-7378: libpodofo - The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 al... The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. Scope: local bookworm: resolved (fixed in 0.9.4-6) bullseye: resolved (fixed in 0.9.4-6) forky: resolved (fixed in 0.9.4-6) sid: resolved (fixed in 0.9.4-6
debian
CVE-2017-7379P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.4-5 (bookworm)2017
CVE-2017-7379 [MEDIUM] CVE-2017-7379: libpodofo - The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in ... The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. Scope: local bookworm: resolved (fixed in 0.9.4-5) bullseye: resolved (fixed in 0.9.4-5) forky: resolved (fixed in 0.9.4-5) sid: resolved (f
debian
CVE-2017-6845P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.5-9 (bookworm)2017
CVE-2017-6845 [MEDIUM] CVE-2017-6845: libpodofo - The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows r... The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Scope: local bookworm: resolved (fixed in 0.9.5-9) bullseye: resolved (fixed in 0.9.5-9) forky: resolved (fixed in 0.9.5-9) sid: resolved (fixed in 0.9.5-9) trixie: resolved (fixed in 0.9.5-9)
debian
CVE-2017-6849P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.5-9 (bookworm)2017
CVE-2017-6849 [MEDIUM] CVE-2017-6849: libpodofo - The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4... The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Scope: local bookworm: resolved (fixed in 0.9.5-9) bullseye: resolved (fixed in 0.9.5-9) forky: resolved (fixed in 0.9.5-9) sid: resolved (fixed in 0.9.5-9) trixie: resolved (fixed in 0
debian
CVE-2017-6846P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.5-9 (bookworm)2017
CVE-2017-6846 [MEDIUM] CVE-2017-6846: libpodofo - The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in g... The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Scope: local bookworm: resolved (fixed in 0.9.5-9) bullseye: resolved (fixed in 0.9.5-9) forky: resolved (fixed in 0.9.5-9) sid: resolved (fixed in 0.9.5-9
debian
CVE-2017-6848P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.4-6 (bookworm)2017
CVE-2017-6848 [MEDIUM] CVE-2017-6848: libpodofo - The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 al... The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Scope: local bookworm: resolved (fixed in 0.9.4-6) bullseye: resolved (fixed in 0.9.4-6) forky: resolved (fixed in 0.9.4-6) sid: resolved (fixed in 0.9.4-6) trixie: resolved (fixed in 0.9.
debian
CVE-2018-12982P4LOWCVSS 5.5fixed in libpodofo 0.9.6+dfsg-4 (bookworm)2018
CVE-2018-12982 [MEDIUM] CVE-2018-12982: libpodofo - Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVari... Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. Scope: local bookworm: resolved (fixed in 0.9.6+dfsg-4) bullseye: resolved (fixed in 0.9.6+dfsg-4) forky: resolved (fixed in 0.9.6+dfsg-4) sid: resolved (fixed in 0.9.6+dfsg-4) trix
debian
CVE-2017-7380P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.4-6 (bookworm)2017
CVE-2017-7380 [MEDIUM] CVE-2017-7380: libpodofo - The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause... The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Scope: local bookworm: resolved (fixed in 0.9.4-6) bullseye: resolved (fixed in 0.9.4-6) forky: resolved (fixed in 0.9.4-6) sid: resolved (fixed in 0.9.4-6) trixie: resolved (fixed in 0.9.
debian
CVE-2017-7381P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.4-6 (bookworm)2017
CVE-2017-7381 [MEDIUM] CVE-2017-7381: libpodofo - The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause... The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Scope: local bookworm: resolved (fixed in 0.9.4-6) bullseye: resolved (fixed in 0.9.4-6) forky: resolved (fixed in 0.9.4-6) sid: resolved (fixed in 0.9.4-6) trixie: resolved (fixed in 0.9.
debian
CVE-2017-6847P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.4-6 (bookworm)2017
CVE-2017-6847 [MEDIUM] CVE-2017-6847: libpodofo - The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 all... The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Scope: local bookworm: resolved (fixed in 0.9.4-6) bullseye: resolved (fixed in 0.9.4-6) forky: resolved (fixed in 0.9.4-6) sid: resolved (fixed in 0.9.4-6) trixie: resolved (fixed in 0.9.4
debian
CVE-2017-6842P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.4-6 (bookworm)2017
CVE-2017-6842 [MEDIUM] CVE-2017-6842: libpodofo - The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5... The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Scope: local bookworm: resolved (fixed in 0.9.4-6) bullseye: resolved (fixed in 0.9.4-6) forky: resolved (fixed in 0.9.4-6) sid: resolved (fixed in 0.9.4-6) trixie: resolved (fixed in 0
debian
CVE-2017-5855P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.4-6 (bookworm)2017
CVE-2017-5855 [MEDIUM] CVE-2017-5855: libpodofo - The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.... The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Scope: local bookworm: resolved (fixed in 0.9.4-6) bullseye: resolved (fixed in 0.9.4-6) forky: resolved (fixed in 0.9.4-6) sid: resolved (fixed in 0.9.4-6) trixie: resolved (fixed i
debian
CVE-2018-5295P4LOWCVSS 5.5fixed in libpodofo 0.9.5-9 (bookworm)2018
CVE-2018-5295 [MEDIUM] CVE-2018-5295: libpodofo - In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::... In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. Scope: local bookworm: resolved (fixed in 0.9.5-9) bullseye: resolved (fixed in 0.9.5-9) forky: resolved (fixed in 0.9.5-9)
debian
CVE-2019-10723P4LOWCVSS 5.5fixed in libpodofo 0.9.8+dfsg-2 (bookworm)2019
CVE-2019-10723 [MEDIUM] CVE-2019-10723: libpodofo - An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfP... An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. Scope: local bookworm: resolved (fixed in 0.9.8+dfsg-2) bullseye: open forky: resolved (fixed in 0.9.8+dfsg-2) sid: resolved (fixed in 0.9.8+dfsg-2) trixie: resolved (fixed in 0.9.8+
debian
CVE-2017-7382P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.4-6 (bookworm)2017
CVE-2017-7382 [MEDIUM] CVE-2017-7382: libpodofo - The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to ca... The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Scope: local bookworm: resolved (fixed in 0.9.4-6) bullseye: resolved (fixed in 0.9.4-6) forky: resolved (fixed in 0.9.4-6) sid: resolved (fixed in 0.9.4-6) trixie: resolved (fixed in 0
debian
CVE-2017-7383P4MEDIUMCVSS 5.5fixed in libpodofo 0.9.4-6 (bookworm)2017
CVE-2017-7383 [MEDIUM] CVE-2017-7383: libpodofo - The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to ca... The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Scope: local bookworm: resolved (fixed in 0.9.4-6) bullseye: resolved (fixed in 0.9.4-6) forky: resolved (fixed in 0.9.4-6) sid: resolved (fixed in 0.9.4-6) trixie: resolved (fixed in 0
debian
Debian Libpodofo vulnerabilities | cvebase