| 0 |
| url |
VCID-316u-w5wu-9feb |
| vulnerability_id |
VCID-316u-w5wu-9feb |
| summary |
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-5296
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-316u-w5wu-9feb |
|
| 1 |
|
| 2 |
| url |
VCID-518j-a2se-s7en |
| vulnerability_id |
VCID-518j-a2se-s7en |
| summary |
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-8054
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-518j-a2se-s7en |
|
| 3 |
|
| 4 |
| url |
VCID-6t38-8fgf-1bct |
| vulnerability_id |
VCID-6t38-8fgf-1bct |
| summary |
Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-8378
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6t38-8fgf-1bct |
|
| 5 |
|
| 6 |
| url |
VCID-a7tq-z4ru-x3e4 |
| vulnerability_id |
VCID-a7tq-z4ru-x3e4 |
| summary |
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-12982
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a7tq-z4ru-x3e4 |
|
| 7 |
|
| 8 |
| url |
VCID-c18a-ad9t-tuh7 |
| vulnerability_id |
VCID-c18a-ad9t-tuh7 |
| summary |
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-5783
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c18a-ad9t-tuh7 |
|
| 9 |
|
| 10 |
| url |
VCID-esuc-bxyu-5yaf |
| vulnerability_id |
VCID-esuc-bxyu-5yaf |
| summary |
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-5308
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-esuc-bxyu-5yaf |
|
| 11 |
| url |
VCID-f5rd-ukfj-d7gm |
| vulnerability_id |
VCID-f5rd-ukfj-d7gm |
| summary |
An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-11255
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f5rd-ukfj-d7gm |
|
| 12 |
| url |
VCID-fma7-b6ey-hfce |
| vulnerability_id |
VCID-fma7-b6ey-hfce |
| summary |
In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-5295
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fma7-b6ey-hfce |
|
| 13 |
| url |
VCID-hz7z-m9uk-gff2 |
| vulnerability_id |
VCID-hz7z-m9uk-gff2 |
| summary |
The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-6848
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hz7z-m9uk-gff2 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| url |
VCID-nzcx-gn2k-4uhz |
| vulnerability_id |
VCID-nzcx-gn2k-4uhz |
| summary |
An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-11256
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nzcx-gn2k-4uhz |
|
| 18 |
| url |
VCID-pkrw-gaqw-rfe3 |
| vulnerability_id |
VCID-pkrw-gaqw-rfe3 |
| summary |
In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-5309
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pkrw-gaqw-rfe3 |
|
| 19 |
|
| 20 |
| url |
VCID-wm3b-jyn4-dfd5 |
| vulnerability_id |
VCID-wm3b-jyn4-dfd5 |
| summary |
In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-6352
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wm3b-jyn4-dfd5 |
|
| 21 |
| url |
VCID-y1ss-dj9f-bqge |
| vulnerability_id |
VCID-y1ss-dj9f-bqge |
| summary |
An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-11254
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y1ss-dj9f-bqge |
|