I Fond this is similar to CVE-2021-30469, But my podofo version is 0.9.8(which was published in 2022). So I think this is a new bug.
podofoencrypt bug