Vulnerability Details CVE-2017-5854
base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.0%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2017/02/01/14
- http://www.openwall.com/lists/oss-security/2017/02/02/12
- http://www.securityfocus.com/bid/96072
- https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp/
- http://www.openwall.com/lists/oss-security/2017/02/01/14
- http://www.openwall.com/lists/oss-security/2017/02/02/12
- http://www.securityfocus.com/bid/96072
- https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp/
Products affected by CVE-2017-5854
-
cpe:2.3:a:podofo_project:podofo:0.9.4