PT-2019-19432 · Podofo+2
Ace Team · Published 2019-02-26 · Updated 2024-10-08 · CVE-2019-9199
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PoDoFo version 0.9.6
Description
The issue is related to a NULL pointer dereference in the setSource() function, which can be triggered by sending a crafted PDF file. This can cause a Denial of Service (Segmentation fault) or possibly have other unspecified impacts.
Recommendations
For PoDoFo version 0.9.6, consider avoiding the use of the setSource() function in PdfTranslator until a patch is available. As a temporary workaround, restrict the input to the podofoimpose binary to prevent crafted PDF files from being processed.
Exploit
Fix
DoS
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Podofo
Suse