CVE-2023-2241
MEDIUM EPSS 29.1%
Published Apr 22, 20233y ago · Modified Jun 17, 20261w ago
5.3 CVSS 3.1
Published Apr 22, 2023 3y ago
Last Modified Jun 17, 2026 1w ago
Description
A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability Low
Threat Intelligence
EPSS Exploit Probability
29.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 3
CWE-120
CWE-122
CWE-787 Out-of-bounds Write Memory Safety
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| podofo_project | podofo | 0.10.0 | any |
References 5
- github.com https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778
- github.com https://github.com/podofo/podofo/files/11260976/poc-file.zip
- github.com https://github.com/podofo/podofo/issues/69
- vuldb.com https://vuldb.com/?ctiid.227226
- vuldb.com https://vuldb.com/?id.227226
Remediation
- github.com https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778