Integer Overflow Vulnerability in PoDoFo PDF Parsing Tool
CVE-2017-5853

7.8HIGH

Key Information:

Vendor: Podofo Project
Status: Podofo
Vendor: CVE Published:; 1 March 2017

🔔 Create Podofo Project Vulnerability Alert

What is CVE-2017-5853?

An integer overflow vulnerability exists in the base/PdfParser.cpp component of PoDoFo version 0.9.4. This flaw allows remote attackers to exploit crafted PDF files to trigger unintended behavior, which may lead to various potential impacts. The flaw primarily affects how PDF files are parsed, and improper handling of integers can result in memory corruption or unexpected behavior, making it critical for users to validate and sanitize incoming files.

References

http://www.securityfocus.com/bid/96066

vdb-entryx_refsource_BID

https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-int...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2017
Vulnerability Reserved
Feb 1, 2017

CVE-2017-5853 Data

JSON