There are 4 open security issues in bookworm.
4 issues left for the package maintainer to handle:
- CVE-2021-30469:
(postponed; to be fixed through a stable update)
A flaw was found in PoDoFo 0.9.7. A use-after-free in the PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
- CVE-2021-30472:
(postponed; to be fixed through a stable update)
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in the PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of an improper check of the keyLength value.
- CVE-2023-31566:
(needs triaging)
Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
- CVE-2023-31567:
(needs triaging)
Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.
You can find information about how to handle these issues in the security team's documentation.