
Mattia Rizzolo

#16848 of 53,635
15.9 Total CVSS
Vulnerabilities · 2
High
2
PT-2021-6537
7.1
2021-04-21
Podofo · Podofo · CVE-2020-18971
**Name of the Vulnerable Software and Affected Versions**
PoDoFo version 0.9.6

**Description**
The issue is a stack-based buffer overflow in the `src/base/PdfDictionary.cpp` component, specifically at line 65. A remote attacker can exploit it to cause a denial of service.

**Recommendations**
For PoDoFo version 0.9.6, consider applying a patch or fix that addresses the buffer overflow in the `src/base/PdfDictionary.cpp` component to prevent denial-of-service attacks. As a temporary workaround, restrict access to the vulnerable component to minimize the risk of exploitation.
PT-2018-18370
8.8
2018-03-09
Podofo · Podofo · CVE-2018-8000
Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.5

Description: A heap-based buffer overflow exists in the `GetNextToken()` function of `PoDoFo::PdfTokenizer` in `PdfTokenizer.cpp`. This could allow remote attackers to cause a denial of service or potentially execute arbitrary code via a crafted PDF file.

Recommendations: For PoDoFo version 0.9.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.