Podofo 0.9.4 file Denial Of Service Vulnerability


PoDoFo is a C++ library to work with the PDF file format. A fuzz on it discovered an infinite loop. The upstream project does not allow me to open a new ticket. Unable to communicate with them.


The information has been provided by Agostino Sarubbo.
The original article can be found at: http://www.securityfocus.com/bid/97032


Vulnerable Systems:
 * Podofo 0.9.4

The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.
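
One way to guard an inherited-key lookup against this class of hang, as an added example that is not PoDoFo's code. It assumes the loop comes from /Parent references that form a cycle (the advisory does not state the cause); `Obj`, `findInherited`, `kMaxDepth` and the sample object numbers are hypothetical.

```cpp
#include <map>
#include <string>
#include <unordered_set>

// Hypothetical minimal object model (not PoDoFo's API).
struct Obj {
    std::map<std::string, std::string> dict; // direct entries, e.g. "MediaBox"
    int parent = -1;                         // object number of /Parent, -1 if none
};

enum class Lookup { Found, NotFound, Cycle, TooDeep, DanglingParent };
constexpr int kMaxDepth = 1000; // assumed cap; real page trees are far shallower

// Walk /Parent for an inheritable key; reject cycles and over-deep chains.
Lookup findInherited(const std::map<int, Obj>& objs, int start,
                     const std::string& key, std::string& out) {
    std::unordered_set<int> seen;
    int cur = start;
    for (int depth = 0; cur != -1; ++depth) {
        if (depth >= kMaxDepth) return Lookup::TooDeep;
        if (!seen.insert(cur).second) return Lookup::Cycle; // visited before
        auto it = objs.find(cur);
        if (it == objs.end()) return Lookup::DanglingParent;
        auto hit = it->second.dict.find(key);
        if (hit != it->second.dict.end()) { out = hit->second; return Lookup::Found; }
        cur = it->second.parent;
    }
    return Lookup::NotFound;
}

// Constructed sample: page 3 -> node 2 -> root 1, key set on the root.
std::map<int, Obj> sampleTree() {
    std::map<int, Obj> o;
    o[1].dict["MediaBox"] = "[0 0 612 792]";
    o[2].parent = 1; o[3].parent = 2;
    return o;
}

// Constructed sample: objects 2 and 3 name each other as /Parent.
std::map<int, Obj> sampleCycle() {
    std::map<int, Obj> o;
    o[2].parent = 3; o[3].parent = 2;
    return o;
}

int main() {
    std::string v; // exit status 0 when the cyclic sample is rejected
    return findInherited(sampleCycle(), 2, "MediaBox", v) == Lookup::Cycle ? 0 : 1;
}
```

The visited set stops a cyclic chain on the first repeated object, while the depth cap bounds the work on a very long chain that never repeats.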

CVE Information:

Disclosure Timeline:
Publish Date : 2017-03-01
Last Update Date : 2017-03-24
