CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-8000

In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted pdf file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.035

EPSS Ranking 87.1%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://bugzilla.redhat.com/show_bug.cgi?id=1548918
https://sourceforge.net/p/podofo/tickets/13/
https://bugzilla.redhat.com/show_bug.cgi?id=1548918
https://sourceforge.net/p/podofo/tickets/13/

Products affected by CVE-2018-8000

Podofo Project » Podofo » Version: 0.9.5

cpe:2.3:a:podofo_project:podofo:0.9.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-8000

Products

Pricing

Contact Us