CVE-2019-20093

MEDIUM

PoDoFo 0.9.6 - Denial of Service via Crafted File in PdfVariant::DelayedLoad

Title source: llm

Description

The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.

References (3)

Core 3

Core References

Exploit, Issue Tracking, Third Party Advisory x_refsource_misc

https://sourceforge.net/p/podofo/tickets/75/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHFOCBZCF3GX7A6FWE3JM7P37TQWGINJ/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTB2J5XWOEGAJYR2N66GAECUIKDG6O2S/

Scores

CVSS v3 5.5

EPSS 0.0137

EPSS Percentile 68.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (3)

fedoraproject/fedora 30

fedoraproject/fedora 31

podofo_project/podofo 0.9.6

Published Dec 30, 2019

Tracked Since Feb 18, 2026