Fluid Attacks Database

Description

Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 14	libpodofo	=0.9.8+dfsg-3.2 \|\| =0.9.8+dfsg-3.3
debian 11	libpodofo	=0.9.7+dfsg-2 \|\| =0.9.7+dfsg-3 \|\| =0.9.8+dfsg-1 \|\| =0.9.8+dfsg-2 \|\| =0.9.8+dfsg-3 \|\| =0.9.8+dfsg-3.1 \|\| =0.9.8+dfsg-3.1~exp1 \|\| =0.9.8+dfsg-3.2 \|\| =0.9.8+dfsg-3.3
debian 12	libpodofo	=0.9.8+dfsg-3 \|\| =0.9.8+dfsg-3.1 \|\| =0.9.8+dfsg-3.1~exp1 \|\| =0.9.8+dfsg-3.2 \|\| =0.9.8+dfsg-3.3
debian 13	libpodofo	=0.9.8+dfsg-3.2 \|\| =0.9.8+dfsg-3.3

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.