Vulnerabilities > Podofo Project

DATE CVE VULNERABILITY TITLE RISK
2019-12-30 CVE-2019-20093 Null Pointer Dereference vulnerability in Podofo Project Podofo 0.9.6
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.
4.3
2019-04-03 CVE-2019-10723 Allocation of Resources Without Limits OR Throttling vulnerability in Podofo Project Podofo 0.9.6
An issue was discovered in PoDoFo 0.9.6.
4.3
2019-03-11 CVE-2019-9687 Out-Of-Bounds Write vulnerability in multiple products
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
network
low complexity
podofo-project fedoraproject CWE-787
7.5
2019-02-27 CVE-2018-20797 Buffer Errors vulnerability in Podofo Project Podofo 0.9.6
An issue was discovered in PoDoFo 0.9.6.
4.3
2019-02-26 CVE-2019-9199 Null Pointer Dereference vulnerability in multiple products
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary.
6.8
2019-02-04 CVE-2018-20751 Null Pointer Dereference vulnerability in Podofo Project Podofo 0.9.6
An issue was discovered in crop_page in PoDoFo 0.9.6.
6.8
2018-11-26 CVE-2018-19532 Null Pointer Dereference vulnerability in Podofo Project Podofo 0.9.6
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose.
6.8
2018-09-17 CVE-2018-14320 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Podofo Project Podofo
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo.
4.3
2018-06-29 CVE-2018-12983 Out-Of-Bounds Read vulnerability in Podofo Project Podofo 0.9.6
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.
6.8
2018-06-29 CVE-2018-12982 Buffer Errors vulnerability in Podofo Project Podofo 0.9.6
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.
4.3