Vulnerability Summary: Title: PoDoFo Library ParseToUnicode Memory Corruption Information Disclosure Vulnerability (ZDI-18-1046, ZDI-CAN-5673) Date: September 13th, 2018 CVE ID: CVE-2018-14320 CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) Affected Vendor: PoDoFo Affected Product: PoDoFo Library Vulnerability Details: Description: Allows remote attackers to disclose sensitive information. Exploitation requires user interaction via a malicious page or file. The flaw is in , due to improper user-supplied data validation leading to memory corruption. Disclosure: Public disclosure without a patch due to ZDI 120 day deadline. Timeline: Reported on 04/10/2018, last update on 08/20/2018. Credit: V.E.O of Trend Micro Mobile Security Research Team. Mitigation: Restrict interaction to trusted files.