Описание
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libpodofo | fixed | 0.9.8+dfsg-1 | experimental | package |
| libpodofo | fixed | 0.9.8+dfsg-2 | package | |
| libpodofo | no-dsa | bullseye | package | |
| libpodofo | no-dsa | buster | package | |
| libpodofo | no-dsa | stretch | package | |
| libpodofo | no-dsa | jessie | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=1595693
https://sourceforge.net/p/podofo/tickets/23
EPSS
Связанные уязвимости
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.
EPSS