CVE-2021-30470

Severity: Medium (CVSS 3.1 base score 5.5)
Published: May 26, 2021
Last Modified: Jun 17, 2026

Description

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-674

Affected Products 3

Vendor          Product           Version  Range
podofo_project  podofo            0.9.7    any
redhat          enterprise_linux  7.0      any
fedoraproject   fedora            33       any

References 1

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1947436
    Exploit, Issue Tracking, Patch, Third Party Advisory

Remediation

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1947436
    Exploit, Issue Tracking, Patch, Third Party Advisory