216.73.217.64

CVE-2026-44348

· Published 14/05/2026 17:16 · Modified 14/05/2026 18:16

Labels: CVE-2026-44348 2026-05-14CVE-2026-44348CWE-415[email protected]

Essential information

Published
14/05/2026 17:16
Modified
14/05/2026 18:16
Author
Creator
CVSS
2.5 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

CVSS metrics

Description

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap corruption. This vulnerability is fixed in 1.0.4.

NVD status

Status
Deferred — When a CVE is given this status the NVD does not plan analyze or re-analyze this CVE due to resource or other concerns.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
podofo / podofo cpe:2.3:a:podofo:podofo:1.0.0-1.0.4:*:*:*:*:*:*:*

References