Podofo_project Podofo
63 CVEs affecting Podofo_project Podofo. Latest disclosed: 2025-10-01. Critical: 3, High: 18.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-9687 | Critical | 9.8 | 2019-03-11 | PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. |
| CVE-2017-8378 | Critical | 9.8 | 2017-05-01 | Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (a… |
| CVE-2015-8981 | Critical | 9.8 | 2017-03-16 | Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vector… |
| CVE-2023-31568 | High | 8.8 | 2023-05-10 | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4. |
| CVE-2023-31567 | High | 8.8 | 2023-05-10 | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. |
| CVE-2023-31566 | High | 8.8 | 2023-05-10 | Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). |
| CVE-2019-9199 | High | 8.8 | 2019-02-26 | PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a… |
| CVE-2018-20751 | High | 8.8 | 2019-02-04 | An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be pr… |
| CVE-2018-19532 | High | 8.8 | 2018-11-26 | A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject… |
| CVE-2018-8002 | High | 8.8 | 2018-03-09 | In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow… |
| CVE-2018-8000 | High | 8.8 | 2018-03-09 | In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-20… |
| CVE-2017-8787 | High | 8.8 | 2017-05-05 | The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause… |
| CVE-2025-46205 | High | 8.1 | 2025-10-01 | A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplyin… |
| CVE-2021-30472 | High | 7.8 | 2021-05-26 | A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a impro… |
| CVE-2018-12983 | High | 7.8 | 2018-06-29 | A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote att… |
| CVE-2018-8001 | High | 7.8 | 2018-03-09 | In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability… |
| CVE-2018-5308 | High | 7.8 | 2018-01-09 | PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could levera… |
| CVE-2017-6844 | High | 7.8 | 2017-03-15 | Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a… |
| CVE-2017-6843 | High | 7.8 | 2017-03-15 | Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact v… |
| CVE-2017-5886 | High | 7.8 | 2017-03-01 | Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified i… |