Filtered by vendor Podofo Project
Subscriptions
Total
61 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-6840 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file. | ||||
CVE-2017-6848 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | ||||
CVE-2017-6847 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | ||||
CVE-2017-6841 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | ||||
CVE-2017-6843 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | ||||
CVE-2017-6849 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | ||||
CVE-2017-6844 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | ||||
CVE-2017-6842 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | ||||
CVE-2017-5854 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | ||||
CVE-2017-5852 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file. | ||||
CVE-2017-5853 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | ||||
CVE-2017-5886 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | ||||
CVE-2017-5855 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | ||||
CVE-2018-20797 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp. | ||||
CVE-2018-19532 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. | ||||
CVE-2018-14320 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673. | ||||
CVE-2018-12983 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. | ||||
CVE-2018-12982 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. | ||||
CVE-2018-8000 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted pdf file. | ||||
CVE-2018-8001 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. |