Published: 01/03/2017 Updated: 03/03/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
podofo project podofo 0.9.4

Debian Bug report logs - #854602 libpodofo: CVE-2017-5854/CVE-2018-5308 - NULL pointer dereference in PdfOutputStreamcpp Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: fixe ...

Debian Bug report logs - #854600 libpodofo: CVE-2017-5852 - Infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: fixed- ...

Debian Bug report logs - #854603 libpodofo: CVE-2017-5855 - NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: ...

Debian Bug report logs - #854599 libpodofo: CVE-2015-8981 - Heap overflow in the function ReadXRefSubsection Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: fixed-upstream, s ...

Debian Bug report logs - #859331 libpodofo: CVE-2017-7379: heap-based buffer overflow in PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncodingcpp) Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 2 Apr 201 ...

Debian Bug report logs - #854604 libpodofo: CVE-2017-5886 - heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizercpp) Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity ...

Debian Bug report logs - #854601 libpodofo: CVE-2017-5853 - Signed integer overflow in PdfParsercpp Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: security, upstream Fixed ...

CWE-476 https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp/http://www.openwall.com/lists/oss-security/2017/02/02/12 http://www.openwall.com/lists/oss-security/2017/02/01/14 http://www.securityfocus.com/bid/96072 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854602

Get Started

CVE-2017-5854

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect