Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-35702

Опубликовано: 20 дек. 2020
Источник: redhat
CVSS3: 8.1
EPSS Низкий

Описание

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects

A heap buffer overflow flaw was found in poppler. This flaw allows a remote attacker to provide a specially crafted PDF file that, when processed by the 'pdftops' program, leads to a crash or potential code execution. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

Отчет

The versions of poppler as shipped with Red Hat Enterprise Linux are not affected by this flaw, as the vulnerable code was introduced in a newer version of the package.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5popplerNot affected
Red Hat Enterprise Linux 6popplerNot affected
Red Hat Enterprise Linux 7popplerNot affected
Red Hat Enterprise Linux 8popplerNot affected
Red Hat Enterprise Linux 9popplerNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1912912poppler: heap-based buffer overflow via a crafted PDF document

EPSS

Процентиль: 63%
0.00438
Низкий

8.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-35702

CVSS3: 7.8
ubuntu
около 5 лет назад

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects

nvd логотип

CVE-2020-35702

CVSS3: 7.8
nvd
около 5 лет назад

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects

debian логотип

CVE-2020-35702

CVSS3: 7.8
debian
около 5 лет назад

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-base ...

github логотип

GHSA-fcqx-5rp6-c5pj

CVSS3: 7.8
github
больше 3 лет назад

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document.

EPSS

Процентиль: 63%
0.00438
Низкий

8.1 High

CVSS3