CVE-2018-5309

Published: 09/01/2018 Updated: 29/01/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
podofo project podofo 0.9.5

Debian Bug report logs - #889511 libpodofo: CVE-2018-5295 Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Matthias Brinke <podofo-sec-contrib@mailboxorg> Date: Sun, 4 Feb 2018 00:27:07 UTC Severity: important Tags: fixed-upstream, patch, security, upstream F ...

Debian Bug report logs - #892556 libpodofo: CVE-2018-8001 Package: src:libpodofo; Maintainer for src:libpodofo is Mattia Rizzolo <mattia@debianorg>; Reported by: Luciano Bello <luciano@debianorg> Date: Sat, 10 Mar 2018 05:33:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in version libpo ...

In PoDoFo 095, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObjectcpp) Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file ...

CWE-190 https://bugzilla.redhat.com/show_bug.cgi?id=1532381 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889511

CVE-2018-5309

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect