In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
{ "binaries": [ { "binary_name": "libpodofo-dev", "binary_version": "0.9.6+dfsg-5" }, { "binary_name": "libpodofo-utils", "binary_version": "0.9.6+dfsg-5" }, { "binary_name": "libpodofo-utils-dbgsym", "binary_version": "0.9.6+dfsg-5" }, { "binary_name": "libpodofo0.9.6", "binary_version": "0.9.6+dfsg-5" }, { "binary_name": "libpodofo0.9.6-dbgsym", "binary_version": "0.9.6+dfsg-5" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }