Integer Overflow Vulnerability in PoDoFo PDF Parsing Tool
CVE-2017-5853

7.8HIGH

Key Information:

Vendor

Podofo Project

Status
Podofo
Vendor
CVE Published:
1 March 2017

What is CVE-2017-5853?

An integer overflow vulnerability exists in the base/PdfParser.cpp component of PoDoFo version 0.9.4. This flaw allows remote attackers to exploit crafted PDF files to trigger unintended behavior, which may lead to various potential impacts. The flaw primarily affects how PDF files are parsed, and improper handling of integers can result in memory corruption or unexpected behavior, making it critical for users to validate and sanitize incoming files.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/96066
vdb-entryx_refsource_BID
https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-int...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.