Denial of Service Vulnerability in PoDoFo by Jochen Kupper
CVE-2018-11255

5.5MEDIUM

Key Information:

Vendor

Podofo Project

Status
Podofo
Vendor
CVE Published:
18 May 2018

What is CVE-2018-11255?

An issue has been identified in PoDoFo 0.9.5 that allows remote attackers to exploit a weakness in the PdfPage::GetPageNumber() function in PdfPage.cpp. By crafting a malicious PDF document, attackers can trigger a NULL pointer dereference, resulting in a crash of the application. This vulnerability poses a significant risk as it can disrupt services reliant on PoDoFo for PDF manipulation, compromising overall operational integrity.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1575502
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.