PT-2019-6172 · Podofo+2

Tao · Published 2019-04-04 · Updated 2022-11-29 · CVE-2020-18972

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PoDoFo version 0.9.6

Description

The issue is an exposure of sensitive information to unauthorized actors. It involves the IsNextToken function in the src/base/PdfTokenizer.cpp component, which attackers can exploit to obtain sensitive information. The vulnerability is associated with the disclosure of information in an error data area, allowing a remote attacker to access confidential data.

Recommendations

For PoDoFo version 0.9.6, consider restricting access to the IsNextToken function in the src/base/PdfTokenizer.cpp component as a temporary workaround until a patch is available.

Exploit

Fix

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1684
ALT-PU-2022-3234
BDU:2022-01664
CVE-2020-18972

Affected Products

Alt Linux
Debian
Podofo