podofo (SUSE:Linux Enterprise Module for Package Hub 15 SP6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Package Hub 15 SP6 package podofo, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2015-8981 — CVSS 9.8 (critical): Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have…
CVE-2017-8378 — CVSS 9.8 (critical): Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a…
CVE-2019-9199 — CVSS 8.8 (high): PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be…
CVE-2018-8001 — CVSS 7.8 (high): In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage…
CVE-2018-20797 — CVSS 6.5 (medium): An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in…
CVE-2017-6849 — CVSS 5.5 (medium): The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL…
CVE-2018-5309 — CVSS 5.5 (medium): In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParser…
CVE-2019-10723 — CVSS 5.5 (medium): An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory…
CVE-2017-6841 — CVSS 5.5 (medium): The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to…
CVE-2017-6840 — CVSS 5.5 (medium): The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service…
CVE-2017-6842 — CVSS 5.5 (medium): The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL…
CVE-2017-6845 — CVSS 5.5 (medium): The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer…