CVE-2018-20751
NONE EPSS 73.4%
Published Feb 4, 20197y ago · Modified Jun 17, 20262w ago
Published Feb 4, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
Description
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.
Threat Intelligence
EPSS Exploit Probability
73.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| podofo_project | podofo | 0.9.6 | any |
References 2
- research.loginsoft.com https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-crop_page-podofo-0-9-6/
- sourceforge.net https://sourceforge.net/p/podofo/tickets/33/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.