ALT-PU-2021-1684-1
Closed vulnerabilities
BDU:2019-02839
Уязвимость функции crop_page() программной библиотеки PoDoFo, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01664
Уязвимость функции IsNextToken компонента src/base/PdfToenizer.cpp программной библиотеки для работы с PDF PoDoFo, позволяющая нарушителю получить доступ к конфиденциальным данным
BDU:2022-01797
Уязвимость компонента src/base/PdfDictionary.cpp программной библиотеки для работы с PDF PoDoFo, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-19532
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.
- https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-pdftranslatorsettarget-podofo-0-9-6/
- https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-pdftranslatorsettarget-podofo-0-9-6/
- https://sourceforge.net/p/podofo/tickets/32/
- https://sourceforge.net/p/podofo/tickets/32/
Modified: 2024-11-21
CVE-2018-20751
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.
Modified: 2024-11-21
CVE-2018-20797
An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.
Modified: 2024-11-21
CVE-2019-10723
An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.
Modified: 2024-11-21
CVE-2019-20093
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.
Modified: 2024-11-21
CVE-2019-9199
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
- https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9
- https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8
- FEDORA-2019-a1dc51a9e2
- FEDORA-2019-023ea18e20
- https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/
- https://sourceforge.net/p/podofo/tickets/40/
- https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9
- https://sourceforge.net/p/podofo/tickets/40/
- https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/
- FEDORA-2019-023ea18e20
- FEDORA-2019-a1dc51a9e2
- https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8
Modified: 2024-11-21
CVE-2019-9687
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
Modified: 2024-11-21
CVE-2020-18971
Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.
Modified: 2024-11-21
CVE-2020-18972
Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.