Vulnerabilities > Podofo Project > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-09 | CVE-2018-8001 | Out-of-bounds Read vulnerability in Podofo Project Podofo 0.9.5 In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. | 7.8 |
| 2018-03-09 | CVE-2018-8000 | Out-of-bounds Write vulnerability in Podofo Project Podofo 0.9.5 In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. | 8.8 |
| 2018-01-09 | CVE-2018-5308 | NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5 PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). | 7.8 |
| 2017-05-05 | CVE-2017-8787 | Out-of-bounds Read vulnerability in Podofo Project Podofo 0.9.5 The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file. | 8.8 |
| 2017-03-15 | CVE-2017-6844 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Podofo Project Podofo 0.9.4 Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | 7.8 |
| 2017-03-15 | CVE-2017-6843 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Podofo Project Podofo 0.9.4 Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | 7.8 |
| 2017-03-01 | CVE-2017-5886 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Podofo Project Podofo 0.9.4 Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | 7.8 |
| 2017-03-01 | CVE-2017-5853 | Integer Overflow or Wraparound vulnerability in Podofo Project Podofo 0.9.4 Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | 7.8 |