SB2018062919 - Multiple vulnerabilities in podofo.sourceforge.net podofo

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018062919

SB2018062919 - Multiple vulnerabilities in podofo.sourceforge.net podofo

Published: June 29, 2018 Updated: August 8, 2020

Security Bulletin ID SB2018062919
Severity
High
Patch available
NO
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 29% Medium 71%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2019-20093)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted file, because of ImageExtractor.cpp.


2) Resource management error (CVE-ID: CVE-2019-10723)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.


3) Buffer overflow (CVE-ID: CVE-2018-20797)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.


4) NULL pointer dereference (CVE-ID: CVE-2018-20751)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference. A remote attacker can perform a denial of service (DoS) attack.


5) NULL pointer dereference (CVE-ID: CVE-2018-19532)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. A remote attacker can perform a denial of service (DoS) attack.


6) Buffer overflow (CVE-ID: CVE-2018-12982)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.


7) Stack-based buffer overflow (CVE-ID: CVE-2018-12983)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a crafted pdf file. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References