PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Podofo | Podofo_project | 0.9.6 (including) | 0.9.6 (including) |
Libpodofo | Ubuntu | bionic | * |
Libpodofo | Ubuntu | cosmic | * |
Libpodofo | Ubuntu | disco | * |
Libpodofo | Ubuntu | trusty | * |
Libpodofo | Ubuntu | trusty/esm | * |
Libpodofo | Ubuntu | xenial | * |