Mageia Releases Update to Fix Critical Heap Buffer Overflow in Podofo
mageia
June 24, 2026
Security update
Summary
Description:
Podofo v0.9.8 shares some of the vulnerable code that was discovered in
Podofo v0.10.0. This package fixes that.
CVE-2023-31567 Podofo v0.10.0 was discovered to contain a heap buffer
overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.
CVE-2023-31568 Podofo v0.10.0 was discovered to contain a heap buffer
overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.
References
- https://bugs.mageia.org/show_bug.cgi?id=33207
- https://github.com/podofo/podofo/commit/8f514d69b4ac3c9aa9f725fa93486fe4b7876642
- https://lwn.net/Articles/980540/
- https://github.com/podofo/podofo/issues/71
- https://github.com/podofo/podofo/issues/72
- https://www.cve.org/CVERecord?id=CVE-2023-31567
- https://www.cve.org/CVERecord?id=CVE-2023-31568
Topics Covered
Resolution
SRPMS
- 9/core/podofo-0.9.8-2.1.mga9
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date:24 Jun 2026
URL: https://advisories.mageia.org/MGASA-2026-0229.html
Type: security
CVE: CVE-2023-31567,
CVE-2023-31568
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!