Published: 17/09/2018 Updated: 09/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

This vulnerability allows remote malicious users to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673.

Vulnerable Product	Search on Vulmon	Subscribe to Product
podofo project podofo -

Debian Bug report logs - #916581 libpodofo: CVE-2018-12982 Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Dec 2018 10:03:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in ...

Debian Bug report logs - #916585 libpodofo: CVE-2018-11254 Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Dec 2018 10:27:03 UTC Severity: important Tags: fixed-upstream, security, upstream Found in versio ...

Debian Bug report logs - #916085 libpodofo: CVE-2018-19532 Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 9 Dec 2018 21:24:04 UTC Severity: important Tags: fixed-upstream, security, upstream Found in versio ...

Debian Bug report logs - #916240 libpodofo: CVE-2018-14320 Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 11 Dec 2018 20:27:01 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in ...

Debian Bug report logs - #916142 libpodofo: CVE-2018-5783 Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 10 Dec 2018 16:21:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in version ...

Debian Bug report logs - #916583 libpodofo: CVE-2018-11256 Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Dec 2018 10:18:01 UTC Severity: important Tags: fixed-upstream, security, upstream Found in versio ...

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file The specific flaw exists within PdfEncoding::ParseToUnicode The issue results from the lack of proper ...

CWE-119 https://zerodayinitiative.com/advisories/ZDI-18-1046 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916581

CVE-2018-14320

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect