Podofo
This hub aggregates every CVE we track for Podofo, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 64
- Critical: 3
- High: 18
- In CISA KEV: 0
Severity distribution
MEDIUM 42, HIGH 18, CRITICAL 3, LOW 1
Monthly trend, 2024-07 to 2026-06 (chart): 24 monthly values, three months at 1 and all others at 0.
Latest CVEs
The 15 most recently published vulnerabilities affecting Podofo.
- CVE-2026-44348 (score 2.5): PoDoFo: Double-free vulnerability in compute_hash_to_sign()
- CVE-2025-46205 (score 8.1): A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplying a crafted PDF file. NOTE: this is di...
- CVE-2025-9394 (score 5.3): PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free
- CVE-2023-31568 (score 8.8): Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.
- CVE-2023-31566 (score 8.8): Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
- CVE-2023-31556 (score 6.5): podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent.
- CVE-2023-31567 (score 8.8): Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.
- CVE-2023-31555 (score 6.5): podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.
- CVE-2023-2241 (score 5.3): PoDoFo PdfXRefStreamParserObject.cpp readXRefStreamEntry heap-based overflow
- CVE-2020-18972 (score 5.5): Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.
- CVE-2020-18971 (score 5.5): Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.
- CVE-2021-30472 (score 7.8): A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of an improper check of the keyLength value.
- CVE-2021-30471 (score 5.5): A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
- CVE-2021-30470 (score 5.5): A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overf...
- CVE-2021-30469 (score 5.5): A flaw was found in PoDoFo 0.9.7. A use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
Product normalization is registry-driven with AI assist and human review.