PT-2017-18093 · Podofo+1
Xiaobo Xiang · Published 2017-04-22 · Updated 2019-10-03 · CVE-2017-8053
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
PoDoFo version 0.9.5
Description
A crafted PDF file can cause a denial of service through infinite recursion and stack consumption in the ReadDocumentStructure function in PdfParser.cpp.
Recommendations
For PoDoFo version 0.9.5, consider avoiding the use of the ReadDocumentStructure function in PdfParser.cpp until a patch is available. As a temporary workaround, restrict the processing of potentially crafted PDF files to minimize the risk of exploitation.
Exploit
Fix
DoS
Infinite Loop
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Podofo