Updated podofo packages fix security vulnerabilities
Publication date: 24 Jun 2026
Modification date: 24 Jun 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-31567, CVE-2023-31568
Description
Podofo v0.9.8 shares some of the vulnerable code that was discovered in
Podofo v0.10.0. This updated package fixes it.
CVE-2023-31567: Podofo v0.10.0 was discovered to contain a heap buffer
overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.
CVE-2023-31568: Podofo v0.10.0 was discovered to contain a heap buffer
overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.
References
- https://bugs.mageia.org/show_bug.cgi?id=33207
- https://github.com/podofo/podofo/commit/8f514d69b4ac3c9aa9f725fa93486fe4b7876642
- https://lwn.net/Articles/980540/
- https://github.com/podofo/podofo/issues/71
- https://github.com/podofo/podofo/issues/72
- https://www.cve.org/CVERecord?id=CVE-2023-31567
- https://www.cve.org/CVERecord?id=CVE-2023-31568
SRPMS
9/core
- podofo-0.9.8-2.1.mga9