Intreuse

**Name of the Vulnerable Software and Affected Versions** PoDoFo version 0.9.6 **Description** The issue allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. This is due to the `PoDoFo::PdfVariant::DelayedLoad` function in `PdfVariant.h`, which is affected by code in `ImageExtractor.cpp`. **Recommendations** For PoDoFo version 0.9.6, consider avoiding the use of the `PoDoFo::PdfVariant::DelayedLoad` function until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.