Vulnerabilities > CVE-2018-8002 - Infinite Loop vulnerability in Podofo Project Podofo 0.9.5

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

podofo-project

CWE-835

exploit available

NVD

Published: 2018-03-09

Updated: 2019-10-03

Summary

In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

Vulnerable Configurations

Part	Description	Count
Application	Podofo_Project Podofo Project Podofo 0.9.5	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit-Db

description	PoDoFo 0.9.5 - Buffer Overflow. CVE-2018-8002. Dos exploit for Linux platform. Tags: Buffer Overflow
file	exploits/linux/dos/44946.txt
id	EDB-ID:44946
last seen	2018-06-26
modified	2018-06-26
platform	linux
port
published	2018-06-26
reporter	Exploit-DB
source	https://www.exploit-db.com/download/44946/
title	PoDoFo 0.9.5 - Buffer Overflow
type	dos

Packetstorm

data source	https://packetstormsecurity.com/files/download/148308/podofo095-overflow.txt
id	PACKETSTORM:148308
last seen	2018-06-27
published	2018-06-26
reporter	r4xis
source	https://packetstormsecurity.com/files/148308/PoDoFo-0.9.5-Buffer-Overflow.html
title	PoDoFo 0.9.5 Buffer Overflow

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References