CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20751

An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-crop_page-podofo-0-9-6/
https://sourceforge.net/p/podofo/tickets/33/
https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-crop_page-podofo-0-9-6/
https://sourceforge.net/p/podofo/tickets/33/

Products affected by CVE-2018-20751

Podofo Project » Podofo » Version: 0.9.6

cpe:2.3:a:podofo_project:podofo:0.9.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20751

Products

Pricing

Contact Us