CVE-2021-30472 - A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKe

CVE-2021-30472

Summary

A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1947458

Vulnerable Configurations

cpe:2.3:a:podofo_project:podofo:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:podofo_project:podofo:0.9.7:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 25-10-2022 - 20:56)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

Last major update

25-10-2022 - 20:56

Published

26-05-2021 - 22:15

Last modified

25-10-2022 - 20:56