CVE-2020-9359

Опубликовано: 24 мар. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 6.8

EPSS Низкий

Описание

KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.

Ссылки

https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
Patch
Vendor Advisory
https://kde.org/info/security/advisory-20200312-1.txt
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00033.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00019.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TY3O6UWX2XTP7PISPTZ6FYRDFU4UF66/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AW6GJ3AKGXOMTDHNZBMSXDTWNJJRFBDH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G3HL3F6JLCSRLPFZ47735F5STPJWDVR4/
https://security.gentoo.org/glsa/202007-47
Third Party Advisory
https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
Patch
Vendor Advisory
https://kde.org/info/security/advisory-20200312-1.txt
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00033.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00019.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TY3O6UWX2XTP7PISPTZ6FYRDFU4UF66/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AW6GJ3AKGXOMTDHNZBMSXDTWNJJRFBDH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G3HL3F6JLCSRLPFZ47735F5STPJWDVR4/
https://security.gentoo.org/glsa/202007-47
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:kde:okular:*:*:*:*:*:*:*:*

Версия до 1.10.0 (исключая)

cpe:2.3:a:kde:okular:*:*:*:*:*:*:*:*

Версия от 19.12.0 (включая) до 19.12.3 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02641

Низкий

5.3 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-9359

CVSS3: 5.3

ubuntu

почти 6 лет назад

KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.

CVE-2020-9359

CVSS3: 5.3

redhat

почти 6 лет назад

KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.

CVE-2020-9359

CVSS3: 5.3

debian

почти 6 лет назад

KDE Okular before 1.10.0 allows code execution via an action link in a ...

GHSA-jmvc-hx3f-5mj7

CVSS3: 5.3

github

больше 3 лет назад

KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.

ELSA-2020-4024

oracle-oval

больше 5 лет назад

ELSA-2020-4024: okular security update (MODERATE)

EPSS

Процентиль: 85%

0.02641

Низкий

5.3 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo