Podofo Project Podofo vulnerabilities
61 known vulnerabilities affecting podofo_project/podofo.
Total CVEs: 61
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 19, MEDIUM 40
Vulnerabilities
Page 3 of 4
CVE-2017-7380 | MEDIUM | CVSS 5.5 | v0.9.5 | 2017-04-03 | CWE-476
The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
nvd
CVE-2017-7383 | MEDIUM | CVSS 5.5 | v0.9.5 | 2017-04-03 | CWE-476
The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
nvd
CVE-2017-7381 | MEDIUM | CVSS 5.5 | v0.9.5 | 2017-04-03 | CWE-476
The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
nvd
CVE-2017-7378 | MEDIUM | CVSS 5.5 | v0.9.5 | 2017-04-03 | CWE-125
The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.
nvd
CVE-2017-7379 | MEDIUM | CVSS 5.5 | v0.9.5 | 2017-04-03 | CWE-125
The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.
nvd
CVE-2017-7382 | MEDIUM | CVSS 5.5 | v0.9.5 | 2017-04-03 | CWE-476
The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
nvd
CVE-2017-6843 | HIGH | CVSS 7.8 | v0.9.4 | 2017-03-15 | CWE-119
Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
nvd
CVE-2017-6844 | HIGH | CVSS 7.8 | v0.9.4 | 2017-03-15 | CWE-119
Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
nvd
CVE-2017-6841 | MEDIUM | CVSS 5.5 | v0.9.5 | 2017-03-15 | CWE-476
The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
nvd
CVE-2017-6848 | MEDIUM | CVSS 5.5 | v0.9.5 | 2017-03-15 | CWE-476
The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
nvd
CVE-2017-6842 | MEDIUM | CVSS 5.5 | v0.9.5 | 2017-03-15 | CWE-476
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
nvd
CVE-2017-6845 | MEDIUM | CVSS 5.5 | v0.9.4 | 2017-03-15 | CWE-476
The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
nvd
CVE-2017-6846 | MEDIUM | CVSS 5.5 | v0.9.4 | 2017-03-15 | CWE-476
The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
nvd
CVE-2017-6847 | MEDIUM | CVSS 5.5 | v0.9.4 | 2017-03-15 | CWE-476
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
nvd
CVE-2017-6849 | MEDIUM | CVSS 5.5 | v0.9.4 | 2017-03-15 | CWE-476
The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
nvd
CVE-2017-6840 | MEDIUM | CVSS 5.5 | v0.9.5 | 2017-03-15 | CWE-125
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.
nvd
CVE-2017-5853 | HIGH | CVSS 7.8 | v0.9.4 | 2017-03-01 | CWE-190
Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
nvd
CVE-2017-5886 | HIGH | CVSS 7.8 | v0.9.4 | 2017-03-01 | CWE-119
Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
nvd
CVE-2017-5854 | MEDIUM | CVSS 5.5 | v0.9.4 | 2017-03-01 | CWE-476
base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
nvd
CVE-2017-5852 | MEDIUM | CVSS 5.5 | v0.9.4 | 2017-03-01 | CWE-835
The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.
nvd