CVE-2020-18972
Publication date 25 August 2021
Last updated 11 July 2025
Ubuntu priority
Description
Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libpodofo | ||
| 24.04 LTS noble | Ignored vulnerability has been disputed by upstream maintainers | |
| 22.04 LTS jammy | Ignored vulnerability has been disputed by upstream maintainers | |
| 20.04 LTS focal | Ignored end of standard support, was ignored [vulnerability has been disputed by upstream maintainers] | |
| 18.04 LTS bionic | Ignored end of standard support, was needs-triage | |
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Ignored end of standard support |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.5 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |