Podofo Project Podofo vulnerabilities

CVE-2025-46205 [HIGH] CWE-416 CVE-2025-46205: A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allo A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue.

CVE-2025-9394 [MEDIUM] CWE-119 CVE-2025-9394: A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDa A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. This pa

CVE-2023-31566 [HIGH] CWE-416 CVE-2023-31566: Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt: Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().

CVE-2023-31567 [HIGH] CWE-787 CVE-2023-31567: Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncrypt Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

CVE-2023-31568 [HIGH] CWE-787 CVE-2023-31568: Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncrypt Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.

CVE-2023-31555 [MEDIUM] CVE-2023-31555: podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObj podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.

CVE-2023-31556 [MEDIUM] CWE-787 CVE-2023-31556: podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDic podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent.

CVE-2023-2241 [HIGH] CWE-122 CVE-2023-2241: A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the funct A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a7

CVE-2020-18971 [MEDIUM] CWE-787 CVE-2020-18971: Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the c Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.

CVE-2020-18972 [MEDIUM] CWE-668 CVE-2020-18972: Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obta Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.

CVE-2021-30472 [HIGH] CWE-119 CVE-2021-30472: A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKe A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.

CVE-2021-30471 [MEDIUM] CWE-674 CVE-2021-30471: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary fu A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.

CVE-2021-30469 [MEDIUM] CWE-416 CVE-2021-30469: A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can c A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.

CVE-2021-30470 [MEDIUM] CWE-674 CVE-2021-30470: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), Pd A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.

CVE-2019-20093 [MEDIUM] CWE-476 CVE-2019-20093: The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.

CVE-2019-10723 [MEDIUM] CWE-770 CVE-2019-10723: An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp ha An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.

CVE-2019-9687 [CRITICAL] CWE-787 CVE-2019-9687: PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.

CVE-2018-20797 [MEDIUM] CWE-119 CVE-2018-20797: An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.

CVE-2019-9199 [HIGH] CWE-476 CVE-2019-9199: PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer d PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVE-2018-20751 [HIGH] CWE-476 CVE-2018-20751: An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject() An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.