Podofo ProjectCVEs & Vulnerabilities

63 CVEs affecting Podofo Project products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

podofo 63
CVE-2017-6849MEDIUM

The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

15 Mar 2017
5.5
CVSS
CVE-2017-6848MEDIUM

The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

15 Mar 2017
5.5
CVSS
CVE-2017-6847MEDIUM

The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

15 Mar 2017
5.5
CVSS
CVE-2017-6846MEDIUM

The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

15 Mar 2017
5.5
CVSS
CVE-2017-6845MEDIUM

The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

15 Mar 2017
5.5
CVSS
CVE-2017-6844HIGH

Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

15 Mar 2017
7.8
CVSS
CVE-2017-6843HIGH

Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

15 Mar 2017
7.8
CVSS
CVE-2017-6842MEDIUM

The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

15 Mar 2017
5.5
CVSS
CVE-2017-6841MEDIUM

The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

15 Mar 2017
5.5
CVSS
CVE-2017-6840MEDIUM

The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.

15 Mar 2017
5.5
CVSS
CVE-2017-5886HIGH

Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

1 Mar 2017
7.8
CVSS
CVE-2017-5855MEDIUM

The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

1 Mar 2017
5.5
CVSS
CVE-2017-5854MEDIUM

base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

1 Mar 2017
5.5
CVSS
CVE-2017-5853HIGH

Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

1 Mar 2017
7.8
CVSS
CVE-2017-5852MEDIUM

The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.

1 Mar 2017
5.5
CVSS
← PrevPage 2 / 2Next →