Vulnerability CVE-2021-30469: Information

Description

A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-30469
Published: May 27, 2021
Modified: Dec. 21, 2022
Error type identifier: CWE-416

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
podofosisyphus0.9.8-alt10.10.3-alt1ALT-PU-2023-4738-2311414Fixed
podofosisyphus_e2k0.9.8-alt10.10.3-alt1ALT-PU-2023-4779-1-Fixed
podofosisyphus_riscv640.9.8-alt10.10.3-alt1ALT-PU-2023-4773-1-Fixed
podofop100.9.8-alt10.9.8-alt1ALT-PU-2023-5043-3327591Fixed
podofop10_e2k0.9.8-alt10.9.8-alt1ALT-PU-2023-5415-1-Fixed
podofoc10f10.9.8-alt10.9.8-alt1ALT-PU-2023-5585-3329430Fixed
podofoc9f20.9.8-alt10.9.8-alt1ALT-PU-2023-5421-3328749Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1947433
  • Exploit
  • Issue Tracking
  • Patch
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:podofo_project:podofo:0.9.7:*:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.0
Back to top