PT-2019-19432 · Podofo+2 · Podofo+2

Ace Team

Publicado

2019-02-26

Atualizado

2024-10-08

CVE-2019-9199

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PoDoFo version 0.9.6

Description The issue is related to a NULL pointer dereference in the setSource() function, which can be triggered by sending a crafted PDF file. This can cause a Denial of Service (Segmentation fault) or possibly have other unspecified impacts.

Recommendations For PoDoFo version 0.9.6, consider avoiding the use of the setSource() function in PdfTranslator until a patch is available. As a temporary workaround, restrict the input to the podofoimpose binary to prevent crafted PDF files from being processed.

Exploit

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2021-1684

ALT-PU-2022-3234

CVE-2019-9199

MGASA-2020-0294

OPENSUSE-SU-2024:14278-1

OPENSUSE-SU-2024_2137-1

SUSE-SU-2024:2137-1

SUSE-SU-2024:3541-1

Produtos afetados

Alt Linux

Podofo

Suse

PT-2019-19432 · Podofo+2 · Podofo+2

CVE-2019-9199

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 83