CVE-2023-31567 (https://github.com/podofo/podofo/issues/71): Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. CVE-2023-31566 (https://github.com/podofo/podofo/issues/70): Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). No patches upstream.
app-text/podofo-0.10 is a "complete rewrite" so it is possible <0.10 is unaffected. https://github.com/podofo/podofo/releases/tag/0.10.0
CVE-2023-31566 has a fix at https://github.com/podofo/podofo/commit/00d2735a9c5bcb438d6f922b5f2445d28389c2d1 And -31567: https://github.com/podofo/podofo/commit/8f514d69b4ac3c9aa9f725fa93486fe4b7876642