CVE-2023-2241

MEDIUM EPSS 29.1%
Published Apr 22, 20233y ago · Modified Jun 17, 20261w ago
5.3 CVSS 3.1
Medium
Find Similar
Published Apr 22, 2023 3y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.

CVSS Details

Base Score
5.3
Exploitability
1.8
Impact
3.4
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability Low

Threat Intelligence

EPSS Exploit Probability
29.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 3

CWE-120
CWE-122
CWE-787 Out-of-bounds Write Memory Safety

Affected Products 1

VendorProductVersionRange
podofo_projectpodofo0.10.0any

References 5

  • github.com https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778
    Patch
  • github.com https://github.com/podofo/podofo/files/11260976/poc-file.zip
    Exploit
  • github.com https://github.com/podofo/podofo/issues/69
    ExploitIssue TrackingThird Party Advisory
  • vuldb.com https://vuldb.com/?ctiid.227226
    Third Party Advisory
  • vuldb.com https://vuldb.com/?id.227226
    Third Party Advisory

Remediation

  • github.com https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778
    Patch