CVE-2017-8053

low-risk

Published 2017-04-22

PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).

Do I need to act?

0.35% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Podofo

Affected Vendors

Podofo Project

References (4)

Mailing List http://openwall.com/lists/oss-security/2017/04/22/1

Exploit http://www.evernote.com/l/AnGe5jS_MvNDaZvZW-fzvV37H4ggSf5IkQo/

Mailing List http://openwall.com/lists/oss-security/2017/04/22/1

Exploit http://www.evernote.com/l/AnGe5jS_MvNDaZvZW-fzvV37H4ggSf5IkQo/

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal