CVE-2020-23804

CWE-674 — Uncontrolled Recursion CWE-400 — Uncontrolled Resource Consumption9 documents7 sources

Severity

7.5HIGH

EPSS

0.3%

top 50.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Freedesktop Poppler

Timeline

PublishedAug 22

Latest updateNov 28

Description

Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Debianpoppler< 20.09.0-1+3

▶Ubuntupoppler< 0.86.1-0ubuntu1.4+3

▶NVDfreedesktop/poppler0.89.0

Also affects: Debian Linux 10.0

Patches

Patch: gitlab.freedesktop.org ↗Patch: gitlab.freedesktop.org ↗

🔴Vulnerability Details

OSV

poppler regression↗2023-11-28

▶

OSV

poppler vulnerabilities↗2023-11-23

▶

CVEList

CVE-2020-23804: Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0↗2023-08-22

▶

GHSA

GHSA-cwfg-vhjr-jvv6: Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0↗2023-08-22

▶

OSV

CVE-2020-23804: Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0↗2023-08-22

▶

📋Vendor Advisories

Ubuntu

poppler vulnerabilities↗2023-11-23

▶

Red Hat

poppler: uncontrolled recursion in pdfinfo and pdftops↗2020-06-29

▶

Debian

CVE-2020-23804: poppler - Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote a...↗2020

▶