podofo project

Top products

The 15 most recently published vulnerabilities affecting podofo project.

• CVE-2025-46205A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplying a crafted PDF file. NOTE: this is di...8.1Oct 1, 2025
• CVE-2025-9394PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free5.3Aug 24, 2025
• CVE-2023-31568Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.8.8May 10, 2023
• CVE-2023-31567Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.8.8May 10, 2023
• CVE-2023-31566Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().8.8May 10, 2023
• CVE-2023-31556podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent.6.5May 10, 2023
• CVE-2023-31555podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.6.5May 10, 2023
• CVE-2023-2241PoDoFo PdfXRefStreamParserObject.cpp readXRefStreamEntry heap-based overflow5.3Apr 22, 2023
• CVE-2020-18972Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.5.5Aug 25, 2021
• CVE-2020-18971Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.5.5Aug 25, 2021
• CVE-2021-30472A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.7.8May 26, 2021
• CVE-2021-30471A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.5.5May 26, 2021
• CVE-2021-30470A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overf...5.5May 26, 2021
• CVE-2021-30469A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.5.5May 26, 2021
• CVE-2019-20093The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtr...5.5Dec 30, 2019