Every CVE whose affected-product data names Podofo Project Podofo, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (63)
CVE-2017-8378 — CVSS 9.8 (critical): Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a…
CVE-2015-8981 — CVSS 9.8 (critical): Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have…
CVE-2023-31568 — CVSS 8.8 (high): Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.
CVE-2017-8787 — CVSS 8.8 (high): The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote…
CVE-2018-8000 — CVSS 8.8 (high): In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a…
CVE-2018-8002 — CVSS 8.8 (high): In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may…
CVE-2019-9199 — CVSS 8.8 (high): PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be…
CVE-2018-19532 — CVSS 8.8 (high): A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while…
CVE-2023-31566 — CVSS 8.8 (high): Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
CVE-2023-31567 — CVSS 8.8 (high): Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.
CVE-2018-20751 — CVSS 8.8 (high): An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaB…
CVE-2025-46205 — CVSS 8.1 (high): A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of…
CVE-2017-6844 — CVSS 7.8 (high): Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have…
CVE-2018-12983 — CVSS 7.8 (high): A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be…
CVE-2018-5308 — CVSS 7.8 (high): PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote…
CVE-2017-6843 — CVSS 7.8 (high): Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have…
CVE-2017-5853 — CVSS 7.8 (high): Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
CVE-2021-30472 — CVSS 7.8 (high): A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is…
CVE-2018-8001 — CVSS 7.8 (high): In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage…
CVE-2017-5886 — CVSS 7.8 (high): Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers…
CVE-2018-20797 — CVSS 6.5 (medium): An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in…
CVE-2018-11256 — CVSS 6.5 (medium): An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to…
CVE-2023-31555 — CVSS 6.5 (medium): podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.
CVE-2017-7994 — CVSS 6.5 (medium): The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL…
CVE-2018-14320 — CVSS 6.5 (medium): This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is…
CVE-2023-31556 — CVSS 6.5 (medium): podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent.
CVE-2019-10723 — CVSS 5.5 (medium): An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory…
CVE-2019-20093 — CVSS 5.5 (medium): The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL…
CVE-2020-18971 — CVSS 5.5 (medium): Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'…
CVE-2020-18972 — CVSS 5.5 (medium): Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via…
CVE-2021-30469 — CVSS 5.5 (medium): A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted…
CVE-2021-30470 — CVSS 5.5 (medium): A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and…
CVE-2021-30471 — CVSS 5.5 (medium): A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cp…
CVE-2017-6848 — CVSS 5.5 (medium): The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL…
CVE-2017-5852 — CVSS 5.5 (medium): The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of…
CVE-2017-5854 — CVSS 5.5 (medium): base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a…
CVE-2017-5855 — CVSS 5.5 (medium): The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service…
CVE-2017-6840 — CVSS 5.5 (medium): The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service…
CVE-2017-6841 — CVSS 5.5 (medium): The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to…
CVE-2017-6842 — CVSS 5.5 (medium): The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL…
CVE-2017-6845 — CVSS 5.5 (medium): The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer…
CVE-2017-6846 — CVSS 5.5 (medium): The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to…
CVE-2017-6847 — CVSS 5.5 (medium): The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL…
CVE-2017-6849 — CVSS 5.5 (medium): The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL…
CVE-2017-7378 — CVSS 5.5 (medium): The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service…
CVE-2017-7379 — CVSS 5.5 (medium): The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of…
CVE-2017-7380 — CVSS 5.5 (medium): The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and…
CVE-2017-7381 — CVSS 5.5 (medium): The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and…
CVE-2017-7382 — CVSS 5.5 (medium): The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and…
CVE-2017-7383 — CVSS 5.5 (medium): The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and…
CVE-2017-8053 — CVSS 5.5 (medium): PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentSt…
CVE-2017-8054 — CVSS 5.5 (medium): The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service…
CVE-2018-11254 — CVSS 5.5 (medium): An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp…
CVE-2018-11255 — CVSS 5.5 (medium): An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to…
CVE-2018-12982 — CVSS 5.5 (medium): Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have…
CVE-2018-5295 — CVSS 5.5 (medium): In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp)…
CVE-2018-5296 — CVSS 5.5 (medium): In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote…
CVE-2018-5309 — CVSS 5.5 (medium): In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParser…
CVE-2018-5783 — CVSS 5.5 (medium): In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote…
CVE-2018-6352 — CVSS 5.5 (medium): In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers…
CVE-2023-2241 — CVSS 5.3 (medium): A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file…
CVE-2025-9394 — CVSS 5.3 (medium): A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file…