A vulnerability, which was classified as problematic , was found in PoDoFo up to 1.0.3 . This affects the function compute_hash_to_sign of the file src/podofo/private/OpenSSLInternal_Ripped.cpp . Such manipulation leads to double free. This vulnerability is uniquely identified as CVE-2026-44348 . Local access is required to approach this attack. No exploit exists. You should upgrade the affected component.