vulnerability

Ubuntu: USN-7217-1 (CVE-2017-5886): PoDoFo library vulnerabilities

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Mar 1, 2017

Added

Nov 19, 2024

Modified

Apr 16, 2026

Description

Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

Solutions

ubuntu-pro-upgrade-libpodofo-utilsubuntu-pro-upgrade-libpodofo0-9-0ubuntu-pro-upgrade-libpodofo0-9-3ubuntu-pro-upgrade-libpodofo0-9-5ubuntu-pro-upgrade-libpodofo0-9-6ubuntu-pro-upgrade-libpodofo0-9-7

References

CVE-2017-5886
https://attackerkb.com/topics/CVE-2017-5886
CWE-119
EUVD-EUVD-2017-14961
UBUNTU-USN-7217-1
http://www.openwall.com/lists/oss-security/2017/02/05/4
https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-14961
https://github.com/asarubbo/poc/blob/master/00146-podofo-heapoverflow-PdfTokenizer
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
https://www.cve.org/CVERecord?id=CVE-2017-5886

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report