Skip to main content

PoDoFo CVE-2026-44348

| EUVDEUVD-2026-30337 LOW
Double Free (CWE-415)
2026-05-14 GitHub_M
2.5
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
2.5 LOW
AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch available
May 14, 2026 - 18:02 EUVD
Source Code Evidence Fetched
May 14, 2026 - 17:34 vuln.today
Analysis Generated
May 14, 2026 - 17:34 vuln.today
CVE Published
May 14, 2026 - 16:38 nvd
LOW 2.5

DescriptionGitHub Advisory

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap corruption. This vulnerability is fixed in 1.0.4.

AnalysisAI

Double-free vulnerability in PoDoFo 1.0.0 through 1.0.3 allows local attackers with user interaction to trigger heap corruption via failed digest operations in PDF signing routines, potentially causing denial of service. The vulnerability exists in compute_hash_to_sign() where EVP_DigestFinal failure causes buf to be freed twice, corrupting heap metadata. CVSS score is 2.5 (low severity) but exploitation requires local access and user interaction. Patched in version 1.0.4.

Technical ContextAI

PoDoFo is a C++17 library for PDF manipulation, including digital signature operations. The vulnerability resides in compute_hash_to_sign() within src/podofo/private/OpenSSLInternal_Ripped.cpp, which handles cryptographic hash computation for PDF signing using OpenSSL's EVP (Envelope) interface. The root cause is a classic double-free (CWE-415) resulting from improper error handling: when EVP_DigestFinal fails, execution jumps to the Error label, which attempts to free buf a second time without checking if buf was already freed during the failed operation. This corrupts the heap allocator's metadata, potentially triggering crash or undefined behavior. The affected library versions 1.0.0 through 1.0.3 contain this flaw in the PDF signature workflow, likely triggered when processing malformed or specially crafted PDF documents.

RemediationAI

Upgrade PoDoFo to version 1.0.4 or later, which includes the fix (commit 696d765c3a71ef224d4abffe1f174fef11292d7e adding buf = nullptr to prevent double-free). If immediate upgrade is not feasible, limit processing of PDF documents to trusted sources only and implement input validation to reject malformed or suspicious PDFs before passing them to PoDoFo signing routines. Monitor application logs for crashes or heap corruption warnings (e.g., ASAN or Valgrind output) in signature operations, which may indicate exploitation attempts. Refer to the vendor advisory at https://github.com/podofo/podofo/security/advisories/GHSA-8fq6-rqpv-xq72 for additional context and confirmation of the patch.

More in Podofo

View all
CVE-2017-8378 CRITICAL POC
9.8 May 01

Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote at

CVE-2023-31568 HIGH POC
8.8 May 10

Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.

CVE-2023-31567 HIGH POC
8.8 May 10

Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAES

CVE-2023-31566 HIGH POC
8.8 May 10

Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted

CVE-2019-9199 HIGH POC
8.8 Feb 26

PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can

CVE-2018-19532 HIGH POC
8.8 Nov 26

A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoF

CVE-2018-8002 HIGH POC
8.8 Mar 09

In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.

CVE-2018-8000 HIGH POC
8.8 Mar 09

In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfT

CVE-2025-46205 HIGH POC
8.1 Oct 01

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to caus

CVE-2021-30472 HIGH POC
7.8 May 26

A flaw was found in PoDoFo 0.9.7. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low

CVE-2018-12983 HIGH POC
7.8 Jun 29

A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9

CVE-2018-5308 HIGH POC
7.8 Jan 09

PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStr

Share

CVE-2026-44348 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy