Vulnerabilities > CVE-2018-19532 - NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.6

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

podofo-project

CWE-476

nessus

NVD

Published: 2018-11-26

Updated: 2018-12-19

Summary

A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.

Vulnerable Configurations

Part	Description	Count
Application	Podofo_Project Podofo Project Podofo 0.9.6	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-6B9320D9C9.NASL
description	This update fixes multiple security vulnerabilities: CVE-2018-5783, CVE-2018-11254, CVE-2018-11255, CVE-2018-11256, CVE-2018-12982, CVE-2018-14320, CVE-2018-19532 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120503
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120503
title	Fedora 29 : mingw-podofo / podofo (2018-6b9320d9c9)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References