Published: 01/03/2017 Updated: 04/03/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 606

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote malicious users to have unspecified impact via a crafted file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
podofo project podofo 0.9.4

Debian Bug report logs - #854602 libpodofo: CVE-2017-5854/CVE-2018-5308 - NULL pointer dereference in PdfOutputStreamcpp Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: fixe ...

Debian Bug report logs - #859331 libpodofo: CVE-2017-7379: heap-based buffer overflow in PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncodingcpp) Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 2 Apr 201 ...

Debian Bug report logs - #854604 libpodofo: CVE-2017-5886 - heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizercpp) Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity ...

Debian Bug report logs - #854601 libpodofo: CVE-2017-5853 - Signed integer overflow in PdfParsercpp Package: libpodofo; Maintainer for libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Sat, 4 Feb 2017 10:51:02 UTC Severity: important Tags: security, upstream Fixed ...

Debian Bug report logs - #892556 libpodofo: CVE-2018-8001 Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Luciano Bello <luciano@debianorg> Date: Sat, 10 Mar 2018 05:33:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in version libpo ...

Debian Bug report logs - #892557 libpodofo: CVE-2018-8002 Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Luciano Bello <luciano@debianorg> Date: Sat, 10 Mar 2018 05:33:02 UTC Severity: important Tags: security, upstream Found in version libpodofo/095-1 ...

Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizercpp in PoDoFo 095 allows remote attackers to have unspecified impact via a crafted file ...

CWE-119 https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp/http://www.securityfocus.com/bid/96512 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854602 https://security.archlinux.org/CVE-2017-5886

Get Started

CVE-2017-5886

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect