CVE-2020-35702
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects
** EN DISPUTA ** La función DCTStream::getChars en el archivo DCTStream.cc en Poppler versión 20.12.1, presenta un desbordamiento del búfer en la región stack de la memoria por medio de un documento PDF diseñado. NOTA: informes posteriores indican que esto sólo afecta a las construcciones de los clones de git de Poppler a finales de diciembre de 2020, no a la versión 20.12.1. En esta situación, NO debe considerarse una vulnerabilidad del Poppler. Sin embargo, varios proyectos de código abierto de terceros dependen directamente de clones de git Poppler hechos en momentos arbitrarios, y por lo tanto el CVE sigue siendo útil para los usuarios de esos proyectos
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-25 CVE Reserved
- 2020-12-25 CVE Published
- 2023-07-31 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Freedesktop Search vendor "Freedesktop" | Poppler Search vendor "Freedesktop" for product "Poppler" | 20.12.1 Search vendor "Freedesktop" for product "Poppler" and version "20.12.1" | - |
Affected
|