Published: 01/03/2017 Updated: 03/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote malicious users to cause a denial of service (infinite loop) via a crafted file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
podofo project podofo 0.9.4

Debian Bug report logs - #860930 libpodofo: CVE-2017-7994: denial of service (NULL pointer dereference and application crash) via a crafted PDF document (TextExtractor::ExtractText in TextExtractorcpp:77) Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Salvatore Bonacc ...

Debian Bug report logs - #854602 libpodofo: CVE-2017-5854/CVE-2018-5308 - NULL pointer dereference in PdfOutputStreamcpp Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: fixe ...

Debian Bug report logs - #854600 libpodofo: CVE-2017-5852 - Infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: fixed- ...

Debian Bug report logs - #854603 libpodofo: CVE-2017-5855 - NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: ...

Debian Bug report logs - #854599 libpodofo: CVE-2015-8981 - Heap overflow in the function ReadXRefSubsection Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: fixed-upstream, s ...

Debian Bug report logs - #861738 libpodofo: CVE-2017-8787: heap based overflow in ReadXRefStreamEntry Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Xiaobo Xiang <xiangxb2112@gmailcom> Date: Wed, 3 May 2017 10:57:01 UTC Severity: normal Tags: security, upstream Fou ...

Debian Bug report logs - #854604 libpodofo: CVE-2017-5886 - heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizercpp) Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity ...

Debian Bug report logs - #854601 libpodofo: CVE-2017-5853 - Signed integer overflow in PdfParsercpp Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: security, upstream Fixed ...

CWE-835 https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp/http://www.openwall.com/lists/oss-security/2017/02/02/10 http://www.openwall.com/lists/oss-security/2017/02/01/12 http://www.securityfocus.com/bid/97032 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860930

Get Started

CVE-2017-5852

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect