CNNVD-202508-2884 Information

CNNVD ID

CNNVD-202508-2884

Related CVE

CVE-2025-9394

• CNNVD Published: 2025-08-24

Description (Chinese)

PoDoFo是PoDoFo开源的一个免费的可移植 C++ 库。 PoDoFo 1.1.0-dev版本存在安全漏洞，该漏洞源于src/podofo/main/PdfTokenizer.cpp文件中的PdfTokenizer::DetermineDataType函数存在释放后重用。

Description (English)

PoDoFo is a free portable C++ library at PoDoFo Open Source. A security loophole exists in PoDoFo 1.1.0-dev version, which originates from the re-use after release of the PdfTokenizer:DetermineDataType function in src/podofo/main/PdfTokenizer.cpp.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

PoDoFo

Published

2025-08-24

Last Modified

2026-02-24

References

https://vuldb.com/?submit.632365 https://vuldb.com/?submit.632364 https://vuldb.com/?id.321227 https://vuldb.com/?ctiid.321227 https://github.com/podofo/podofo/issues/275 https://github.com/podofo/podofo/commit/22d16cb142f293bf956f66a4d399cdd65576d36c https://drive.google.com/file/d/1edJH17GAiK9R441Gjyj8tiV_2ptoL16U/view?usp=sharing https://nvd.nist.gov/vuln/detail/CVE-2025-9394