Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 906105 (CVE-2023-31566, CVE-2023-31567) - app-text/podofo: multiple vulnerabilities
Summary: app-text/podofo: multiple vulnerabilities
Alias: CVE-2023-31566, CVE-2023-31567
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [ebuild]
Depends on:
Reported: 2023-05-11 04:15 UTC by John Helmert III
Modified: 2023-06-29 03:49 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-11 04:15:14 UTC
CVE-2023-31567 (

Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

CVE-2023-31566 (

Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().

No patches upstream.
Comment 1 Andreas Sturmlechner gentoo-dev 2023-05-27 09:34:10 UTC
app-text/podofo-0.10 is a "complete rewrite" so it is possible <0.10 is unaffected.