CVE-2023-2241

A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:podofo_project:podofo:0.10.0:*:*:*:*:*:*:*

History

29 Apr 2023, 03:03

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:podofo_project:podofo:0.10.0:*:*:*:*:*:*:*
References (MISC) https://vuldb.com/?id.227226 - (MISC) https://vuldb.com/?id.227226 - Third Party Advisory
References (MISC) https://vuldb.com/?ctiid.227226 - (MISC) https://vuldb.com/?ctiid.227226 - Third Party Advisory
References (MISC) https://github.com/podofo/podofo/files/11260976/poc-file.zip - (MISC) https://github.com/podofo/podofo/files/11260976/poc-file.zip - Exploit
References (MISC) https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778 - (MISC) https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778 - Patch
References (MISC) https://github.com/podofo/podofo/issues/69 - (MISC) https://github.com/podofo/podofo/issues/69 - Exploit, Issue Tracking, Third Party Advisory

22 Apr 2023, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-22 16:15

Updated : 2024-05-17 02:22


NVD link : CVE-2023-2241

Mitre link : CVE-2023-2241

CVE.ORG link : CVE-2023-2241


JSON object : View

Products Affected

podofo_project

  • podofo
CWE
CWE-787

Out-of-bounds Write

CWE-122

Heap-based Buffer Overflow