libpodofo - Debian Package Tracker

general

source: libpodofo (main)
version: 0.9.8+dfsg-3
maintainer: Mattia Rizzolo (DMD)
arch: any
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.9.6+dfsg-5
oldstable: 0.9.7+dfsg-2
stable: 0.9.8+dfsg-3
testing: 0.9.8+dfsg-3
unstable: 0.9.8+dfsg-3

versioned links

0.9.6+dfsg-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.7+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.9.8+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libpodofo-dev
libpodofo-utils
libpodofo0.9.8 (1 bugs: 0, 0, 1, 0)

action needed

8 security issues in sid high

There are 8 open security issues in sid.

8 important issues:

CVE-2018-8002: In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.
CVE-2020-18971: Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.
CVE-2021-30469: A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
CVE-2021-30470: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
CVE-2021-30471: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
CVE-2021-30472: A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
CVE-2023-31566: Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
CVE-2023-31567: Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

Created: 2022-07-04 Last update: 2023-06-11 06:30

8 security issues in trixie high

There are 8 open security issues in trixie.

8 important issues:

CVE-2018-8002: In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.
CVE-2020-18971: Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.
CVE-2021-30469: A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
CVE-2021-30470: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
CVE-2021-30471: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
CVE-2021-30472: A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
CVE-2023-31566: Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
CVE-2023-31567: Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

Created: 2023-06-11 Last update: 2023-06-11 06:30

lintian reports 1 error and 6 warnings high

Lintian reports 1 error and 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-09-06 Last update: 2023-02-04 09:34

Depends on packages which need a new maintainer normal

The packages that libpodofo depends on which need a new maintainer are:

lua5.1 (#996252)
- Depends: liblua5.1-0
- Build-Depends: liblua5.1-0-dev

Created: 2021-10-12 Last update: 2023-10-03 19:34

11 low-priority security issues in bullseye low

There are 11 open security issues in bullseye.

9 issues left for the package maintainer to handle:

CVE-2018-8002: (needs triaging) In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.
CVE-2018-12983: (needs triaging) A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.
CVE-2020-18971: (needs triaging) Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.
CVE-2021-30469: (needs triaging) A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
CVE-2021-30470: (needs triaging) A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
CVE-2021-30471: (needs triaging) A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
CVE-2021-30472: (needs triaging) A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
CVE-2023-31566: (needs triaging) Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
CVE-2023-31567: (needs triaging) Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

You can find information about how to handle these issues in the security team's documentation.

2 ignored issues:

CVE-2019-10723: An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.
CVE-2019-20093: The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.

Created: 2022-07-04 Last update: 2023-06-11 06:30

8 low-priority security issues in bookworm low

There are 8 open security issues in bookworm.

8 issues left for the package maintainer to handle:

CVE-2018-8002: (needs triaging) In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.
CVE-2020-18971: (needs triaging) Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.
CVE-2021-30469: (needs triaging) A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
CVE-2021-30470: (needs triaging) A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
CVE-2021-30471: (needs triaging) A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
CVE-2021-30472: (needs triaging) A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
CVE-2023-31566: (needs triaging) Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
CVE-2023-31567: (needs triaging) Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-06-10 Last update: 2023-06-11 06:30

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2014-07-02 Last update: 2022-05-14 15:02

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.6.1).

Created: 2022-12-17 Last update: 2022-12-17 19:17

news

[rss feed]

[2022-08-27] libpodofo 0.9.8+dfsg-3 MIGRATED to testing (Debian testing watch)
[2022-08-21] Accepted libpodofo 0.9.8+dfsg-3 (source) into unstable (Mattia Rizzolo)
[2022-05-11] libpodofo 0.9.8+dfsg-2 MIGRATED to testing (Debian testing watch)
[2022-05-06] Accepted libpodofo 0.9.8+dfsg-2 (source) into unstable (Mattia Rizzolo)
[2022-05-04] Accepted libpodofo 0.9.8+dfsg-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Mattia Rizzolo)
[2022-01-08] libpodofo 0.9.7+dfsg-3 MIGRATED to testing (Debian testing watch)
[2022-01-02] Accepted libpodofo 0.9.7+dfsg-3 (source) into unstable (Mattia Rizzolo)
[2021-01-18] libpodofo 0.9.7+dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-01-12] Accepted libpodofo 0.9.7+dfsg-2 (source) into unstable (Mattia Rizzolo)
[2021-01-09] Accepted libpodofo 0.9.7+dfsg-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Mattia Rizzolo)
[2019-04-27] libpodofo 0.9.6+dfsg-5 MIGRATED to testing (Debian testing watch)
[2019-04-21] Accepted libpodofo 0.9.6+dfsg-5 (source) into unstable (Mattia Rizzolo)
[2019-02-22] libpodofo 0.9.6+dfsg-4 MIGRATED to testing (Debian testing watch)
[2019-02-11] Accepted libpodofo 0.9.6+dfsg-4 (source) into unstable (Mattia Rizzolo)
[2018-10-08] libpodofo 0.9.6+dfsg-3 MIGRATED to testing (Debian testing watch)
[2018-10-02] Accepted libpodofo 0.9.6+dfsg-3 (source) into unstable (Mattia Rizzolo)
[2018-09-24] libpodofo 0.9.5-11 MIGRATED to testing (Debian testing watch)
[2018-09-22] Accepted libpodofo 0.9.6+dfsg-2 (source) into experimental (Mattia Rizzolo)
[2018-09-18] Accepted libpodofo 0.9.6+dfsg-1 (source) into experimental (Mattia Rizzolo)
[2018-09-18] Accepted libpodofo 0.9.5-11 (source) into unstable (Mattia Rizzolo)
[2018-09-02] libpodofo 0.9.5-10 MIGRATED to testing (Debian testing watch)
[2018-08-27] Accepted libpodofo 0.9.5-10 (source) into unstable (Mattia Rizzolo)
[2018-05-10] Accepted libpodofo 0.9.6~rc1+dfsg-1 (source amd64) into experimental, experimental (Mattia Rizzolo)
[2018-03-01] libpodofo 0.9.5-9 MIGRATED to testing (Debian testing watch)
[2018-02-24] Accepted libpodofo 0.9.5-9 (source) into unstable (Mattia Rizzolo)
[2017-11-18] libpodofo 0.9.5-8 MIGRATED to testing (Debian testing watch)
[2017-11-12] Accepted libpodofo 0.9.5-8 (source) into unstable (Mattia Rizzolo)
[2017-11-12] Accepted libpodofo 0.9.5-7 (source) into unstable (Mattia Rizzolo)
[2017-08-06] libpodofo 0.9.5-6 MIGRATED to testing (Debian testing watch)
[2017-07-31] Accepted libpodofo 0.9.5-6 (source) into unstable (Mattia Rizzolo)

bugs [bug history graph]

all: 10
RC: 0
I&N: 9
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (1, 6)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.9.8+dfsg-3build1