Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-35702

Опубликовано: 25 дек. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 7.8

Описание

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects

РелизСтатусПримечание
bionic

not-affected

code not present
devel

not-affected

code not present
esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

code not present
esm-infra/focal

not-affected

code not present
esm-infra/xenial

not-affected

code not present
focal

not-affected

code not present
groovy

not-affected

code not present
precise/esm

DNE

trusty

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 63%
0.00438
Низкий

6.8 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-35702

CVSS3: 8.1
redhat
около 5 лет назад

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects

nvd логотип

CVE-2020-35702

CVSS3: 7.8
nvd
около 5 лет назад

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects

debian логотип

CVE-2020-35702

CVSS3: 7.8
debian
около 5 лет назад

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-base ...

github логотип

GHSA-fcqx-5rp6-c5pj

CVSS3: 7.8
github
больше 3 лет назад

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document.

EPSS

Процентиль: 63%
0.00438
Низкий

6.8 Medium

CVSS2

7.8 High

CVSS3