Severity by source
AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Lifecycle Timeline
4DescriptionGitHub Advisory
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap corruption. This vulnerability is fixed in 1.0.4.
AnalysisAI
Double-free vulnerability in PoDoFo 1.0.0 through 1.0.3 allows local attackers with user interaction to trigger heap corruption via failed digest operations in PDF signing routines, potentially causing denial of service. The vulnerability exists in compute_hash_to_sign() where EVP_DigestFinal failure causes buf to be freed twice, corrupting heap metadata. CVSS score is 2.5 (low severity) but exploitation requires local access and user interaction. Patched in version 1.0.4.
Technical ContextAI
PoDoFo is a C++17 library for PDF manipulation, including digital signature operations. The vulnerability resides in compute_hash_to_sign() within src/podofo/private/OpenSSLInternal_Ripped.cpp, which handles cryptographic hash computation for PDF signing using OpenSSL's EVP (Envelope) interface. The root cause is a classic double-free (CWE-415) resulting from improper error handling: when EVP_DigestFinal fails, execution jumps to the Error label, which attempts to free buf a second time without checking if buf was already freed during the failed operation. This corrupts the heap allocator's metadata, potentially triggering crash or undefined behavior. The affected library versions 1.0.0 through 1.0.3 contain this flaw in the PDF signature workflow, likely triggered when processing malformed or specially crafted PDF documents.
RemediationAI
Upgrade PoDoFo to version 1.0.4 or later, which includes the fix (commit 696d765c3a71ef224d4abffe1f174fef11292d7e adding buf = nullptr to prevent double-free). If immediate upgrade is not feasible, limit processing of PDF documents to trusted sources only and implement input validation to reject malformed or suspicious PDFs before passing them to PoDoFo signing routines. Monitor application logs for crashes or heap corruption warnings (e.g., ASAN or Valgrind output) in signature operations, which may indicate exploitation attempts. Refer to the vendor advisory at https://github.com/podofo/podofo/security/advisories/GHSA-8fq6-rqpv-xq72 for additional context and confirmation of the patch.
Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote at
Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.
Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAES
Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoF
In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.
In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfT
A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to caus
A flaw was found in PoDoFo 0.9.7. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStr
Same weakness CWE-415 – Double Free
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30337