Summary: | app-text/podofo: multiple vulnerabilities (CVE-2020-{18971,18972}, CVE-2021-{30469,30470,30471,30472}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | normal | CC: | zmedico |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceforge.net/p/podofo/tickets/132/ | ||
Whiteboard: | B2 [upstream] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 888463 | ||
Bug Blocks: |
Description
Sam James
2021-04-13 19:03:42 UTC
* CVE-2021-30470 Description: "A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow." https://sourceforge.net/p/podofo/tickets/130/ * CVE-2021-30471 Description: "A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow." https://sourceforge.net/p/podofo/tickets/131/ * CVE-2021-30469 Description: "A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file." https://sourceforge.net/p/podofo/tickets/129/ Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. CVE-2020-18971 (https://sourceforge.net/p/podofo/tickets/48/): Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. CVE-2020-18972 (https://sourceforge.net/p/podofo/tickets/49/): Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. Seems there's some confusion about the validity of both of these. |