Описание
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | ignored | end of life |
| devel | not-affected | 0.9.6+dfsg-5 |
| disco | not-affected | 0.9.6+dfsg-4 |
| eoan | not-affected | 0.9.6+dfsg-5 |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | not-affected | 0.9.6+dfsg-5 |
| esm-apps/jammy | not-affected | 0.9.6+dfsg-5 |
| esm-apps/noble | not-affected | 0.9.6+dfsg-5 |
| esm-apps/xenial | needs-triage |
Показывать по
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PD ...
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.
Уязвимость функции crop_page() программной библиотеки PoDoFo, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3