Bug 1037000 - (CVE-2017-8378) VUL-1: CVE-2017-8378: podofo: denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp)
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Other Other
: P4 - Low : Normal
: unspecified
Assigned To: Antonio Larrosa
Security Team bot
Reported: 2017-05-01 08:09 UTC by Mikhail Kasimov
Modified: 2022-08-01 10:52 UTC

Description Mikhail Kasimov 2017-05-01 08:09:50 UTC
Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8378

Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.

Source:  MITRE      Last Modified:  04/30/2017


[1] https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects
Comment 1 Marcus Meissner 2019-10-31 08:18:34 UTC
hmm, reproducer no longer present :/