Podofo_project Podofo

63 CVEs affecting Podofo_project Podofo. Latest disclosed: 2025-10-01. Critical: 3, High: 18.

Top CVEs affecting Podofo_project Podofo
CVESeverityScorePublishedSummary
CVE-2019-9687Critical9.82019-03-11PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
CVE-2017-8378Critical9.82017-05-01Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (a…
CVE-2015-8981Critical9.82017-03-16Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vector…
CVE-2023-31568High8.82023-05-10Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.
CVE-2023-31567High8.82023-05-10Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.
CVE-2023-31566High8.82023-05-10Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
CVE-2019-9199High8.82019-02-26PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a…
CVE-2018-20751High8.82019-02-04An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be pr…
CVE-2018-19532High8.82018-11-26A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject…
CVE-2018-8002High8.82018-03-09In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow…
CVE-2018-8000High8.82018-03-09In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-20…
CVE-2017-8787High8.82017-05-05The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause…
CVE-2025-46205High8.12025-10-01A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplyin…
CVE-2021-30472High7.82021-05-26A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a impro…
CVE-2018-12983High7.82018-06-29A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote att…
CVE-2018-8001High7.82018-03-09In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability…
CVE-2018-5308High7.82018-01-09PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could levera…
CVE-2017-6844High7.82017-03-15Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a…
CVE-2017-6843High7.82017-03-15Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact v…
CVE-2017-5886High7.82017-03-01Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified i…