PT-2019-6172 · Podofo+2
Tao · Published 2019-04-04 · Updated 2022-11-29
CVE-2020-18972
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PoDoFo version 0.9.6
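The affected version above is the one fact on this card you can act on, so here is a version check, added here as an example and not part of the advisory or of the PoDoFo project. It parses the PODOFO_VERSION_MAJOR / PODOFO_VERSION_MINOR / PODOFO_VERSION_PATCH macros from a podofo_version.h (the macro names are assumed from the 0.9 series, the sample header text is constructed, and the default search paths are assumptions about a typical install) or a package version string, and compares the result against the affected set.

```python
"""Flag PoDoFo builds at the version affected by CVE-2020-18972 (0.9.6).

Added example, not PoDoFo project code. It reads the PODOFO_VERSION_MAJOR /
PODOFO_VERSION_MINOR / PODOFO_VERSION_PATCH macros that podofo_version.h
defines (macro names assumed from the 0.9 series) or a package version string.
"""
import os
import re
from typing import Iterable, Optional, Tuple

Version = Tuple[int, int, int]

# Version named as affected on the advisory. Extend if further versions are confirmed.
AFFECTED_VERSIONS = {(0, 9, 6)}

# Constructed sample of a podofo_version.h for a 0.9.6 build (not copied from the project).
SAMPLE_HEADER = """\
#ifndef PODOFO_VERSION_H
#define PODOFO_VERSION_H
#define PODOFO_VERSION_MAJOR 0
#define PODOFO_VERSION_MINOR 9
#define PODOFO_VERSION_PATCH 6
#define PODOFO_VERSION_STRING "0.9.6"
#endif
"""

# Assumed install locations of the header; adjust for your prefix.
DEFAULT_HEADER_PATHS = (
    "/usr/include/podofo/podofo_version.h",
    "/usr/local/include/podofo/podofo_version.h",
)

_MACRO_RE = re.compile(
    r"^\s*#\s*define\s+PODOFO_VERSION_(MAJOR|MINOR|PATCH)\s+(\d+)\b", re.MULTILINE
)


def parse_version_header(text: str) -> Optional[Version]:
    """Return (major, minor, patch) from header text, or None if any macro is missing."""
    found = {m.group(1): int(m.group(2)) for m in _MACRO_RE.finditer(text)}
    if not all(k in found for k in ("MAJOR", "MINOR", "PATCH")):
        return None
    return (found["MAJOR"], found["MINOR"], found["PATCH"])


def parse_version_string(s: str) -> Optional[Version]:
    """Parse '0.9.6' or a distro string such as '0.9.6+dfsg-5'; None if not led by X.Y.Z."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", s)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: Optional[Version]) -> bool:
    """True only for a version the advisory lists. A distro package at 0.9.6 may still
    carry a backported fix, so a True result means 'check the vendor tracker',
    not 'confirmed vulnerable'."""
    return version is not None and version in AFFECTED_VERSIONS


def find_installed_version(paths: Iterable[str] = DEFAULT_HEADER_PATHS) -> Optional[Version]:
    """Read the first existing header in `paths`; None if none is present or parseable."""
    for path in paths:
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_version_header(fh.read())
            if version is not None:
                return version
    return None


if __name__ == "__main__":
    sample = parse_version_header(SAMPLE_HEADER)
    print("sample header:", sample, "affected" if is_affected(sample) else "not affected")
    installed = find_installed_version()
    if installed is None:
        print("no podofo_version.h found under", ", ".join(DEFAULT_HEADER_PATHS))
    else:
        print("installed:", installed, "affected" if is_affected(installed) else "not affected")
```

The version-string parser deliberately accepts Debian-style suffixes so it can be pointed at package-manager output; the caveat in is_affected applies there, since a distribution may keep the upstream version number while shipping a backported patch.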
Description
CVE-2020-18972 is an information-disclosure flaw in PoDoFo 0.9.6. The IsNextToken function in src/base/PdfTokenizer.cpp, part of the PDF tokenizer, can be driven into an error path whose error data exposes information that attacker-supplied input is not meant to reveal (CWE-668, exposure of a resource to the wrong sphere). An attacker who gets a crafted PDF processed by an affected build can therefore read sensitive data from the parsing process. The impact is confidentiality only (C:H, I:N, A:N). Note that the vector's AV:L and UI:R mean the attack needs a user or service to open the malicious file: the "remote attacker" of the original wording is the author of that file, not someone with a network path to the library.
Recommendations
Restricting access to IsNextToken is not a workable mitigation: it is an internal function of the library, not an exposed interface, and every document PoDoFo parses passes through the tokenizer. Until you run a release that fixes the issue, or a distribution package that carries the fix (Alt Linux and Debian are listed below as affected, so check their security trackers rather than the upstream version number alone), treat a PoDoFo 0.9.6 deployment as unable to handle untrusted PDFs safely: do not process files from untrusted sources with it, and where that cannot be avoided, run the PoDoFo tools or the PoDoFo-linked application in a sandbox with no access to credentials or other sensitive data, so that a disclosure yields nothing of value.
Exploit
Fix
Weakness Enumeration
CWE-668: Exposure of Resource to Wrong Sphere
Related Identifiers
CVE-2020-18972
PT-2019-6172
Affected Products
Alt Linux
Debian
Podofo