CVE-2025-9394 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-9394 Interim 1 1 2025-09-22T08:07:00Z current 2025-09-22T08:07:00Z 2025-09-22T08:07:00Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-9394 A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called 22d16cb142f293bf956f66a4d399cdd65576d36c. A patch should be applied to remediate this issue. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security openSUSE Leap 15.6 libpodofo-devel libpodofo0_9_6 podofo libpodofo-devel as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libpodofo0_9_6 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 podofo as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libpodofo-devel as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libpodofo0_9_6 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 podofo as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libpodofo-devel as a component of SUSE Linux Enterprise Server 12 SP5-LTSS podofo as a component of SUSE Linux Enterprise Server 12 SP5-LTSS podofo as a component of SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security libpodofo-devel as a component of openSUSE Leap 15.6 libpodofo0_9_6 as a component of openSUSE Leap 15.6 podofo as a component of openSUSE Leap 15.6 A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called 22d16cb142f293bf956f66a4d399cdd65576d36c. A patch should be applied to remediate this issue. CVE-2025-9394 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6 SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo SUSE Linux Enterprise Module for Package Hub 15 SP7:libpodofo-devel SUSE Linux Enterprise Module for Package Hub 15 SP7:libpodofo0_9_6 SUSE Linux Enterprise Module for Package Hub 15 SP7:podofo SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security:podofo SUSE Linux Enterprise Server 12 SP5-LTSS:libpodofo-devel SUSE Linux Enterprise Server 12 SP5-LTSS:podofo openSUSE Leap 15.6:libpodofo-devel openSUSE Leap 15.6:libpodofo0_9_6 openSUSE Leap 15.6:podofo moderate 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L