6.8
CVSSv2

CVE-2017-5886

Published: 01/03/2017 Updated: 04/03/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote malicious users to have unspecified impact via a crafted file.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

podofo project podofo 0.9.4

Vendor Advisories

Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizercpp in PoDoFo 095 allows remote attackers to have unspecified impact via a crafted file ...
Debian Bug report logs - #892557 libpodofo: CVE-2018-8002 Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Luciano Bello <luciano@debianorg> Date: Sat, 10 Mar 2018 05:33:02 UTC Severity: important Tags: security, upstream Found in version libpodofo/095-1 ...
Debian Bug report logs - #859331 libpodofo: CVE-2017-7379: heap-based buffer overflow in PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncodingcpp) Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 2 Apr 201 ...
Debian Bug report logs - #892556 libpodofo: CVE-2018-8001 Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Luciano Bello <luciano@debianorg> Date: Sat, 10 Mar 2018 05:33:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in version libpo ...
Debian Bug report logs - #854604 libpodofo: CVE-2017-5886 - heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizercpp) Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity ...
Debian Bug report logs - #854601 libpodofo: CVE-2017-5853 - Signed integer overflow in PdfParsercpp Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: security, upstream Fixed ...
Debian Bug report logs - #854602 libpodofo: CVE-2017-5854/CVE-2018-5308 - NULL pointer dereference in PdfOutputStreamcpp Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: fixe ...

Github Repositories

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

LinuxFlaw This repo records all the vulnerabilities of linux software I have reproduced in my local workspace If the vulnerability has both CVE-ID and EDB-ID, CVE-ID is preferred as its directory name All the vulnerable source code packages are stored in source-packages Vmware Workstation Images Image Name username password Ubuntu 810 exploit exploit Ubuntu 1004LTS

A collection of vulnerabilities discovered by the AFL fuzzer (afl-fuzz)

afl-cve A collection of vulnerabilities discovered by the AFL fuzzer (afl-fuzz) Introduction afl-cve is a collection of known vulnerabilities that can be attributed to the AFL fuzzer afl-fuzz All vulnerabilities in this list either already have a CVE assigned, or a CVE has been requested from a CVE Numbering Authority Why is This Necessary? Because CVE descriptions are not ge