PT-2023-18484 · Podofo · Podofo

Daisypo · Published 2023-04-22 · Updated 2025-02-04 · CVE-2023-2241

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.10.0

Description: A critical vulnerability was found in PoDoFo, affecting the function readXRefStreamEntry in the file PdfXRefStreamParserObject.cpp. The manipulation leads to a heap-based buffer overflow. The attack requires local access. The exploit has been disclosed to the public and may be used.

Recommendations: To fix this issue, it is recommended to apply a patch, specifically the one identified by commit 535a786f124b739e3c857529cecc29e4eeb79778. As a temporary workaround, consider disabling the readXRefStreamEntry function until a patch is available. Restrict access to the PdfXRefStreamParserObject.cpp file to minimize the risk of exploitation.

Exploit · Fix

Weakness Enumeration: Buffer Overflow · Heap Based Buffer Overflow · Memory Corruption

Related Identifiers: CVE-2023-2241

Affected Products: Podofo