[podofo-0.9.7]Heap-Use-after-free in PoDoFo::PdfVecObjects::Clear()

A PDF parsing, modification and creation library.

Brought to you by: domseichter

Milestone: SVN TRUNK

Status: open

Owner: nobody

Labels: bug (2)

Updated: 2021-04-14

Created: 2021-04-03

Private: No

In PoDoFo::PdfVecObjects::Clear(), when run podofoencrypt with a crafted pdf, there is a Heap-Use-after-free .
In command line:

In gdb:

And the crafted file is attached .

1 Attachments

bug1

Mattia Rizzolo - 2021-04-14

For cross-reference, to this issue has been assigned CVE-2021-30469

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: