CVE-2020-36023

CWE-835 CWE-119 — Buffer Overflow8 documents7 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 79.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler

Timeline

PublishedAug 11

Latest updateAug 17

Description

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDfreedesktop/poppler20.12.1

▶Debianpoppler< 20.09.0-3.1+deb11u2+3

▶Ubuntupoppler< 0.86.1-0ubuntu1.3+2

Patches

Patch: gitlab.freedesktop.org ↗Patch: gitlab.freedesktop.org ↗

🔴Vulnerability Details

OSV

poppler vulnerabilities↗2023-08-17

▶

OSV

CVE-2020-36023: An issue was discovered in freedesktop poppler version 20↗2023-08-11

▶

GHSA

GHSA-xrv4-xm8w-pm47: An issue was discovered in freedesktop poppler version 20↗2023-08-11

▶

CVEList

CVE-2020-36023: An issue was discovered in freedesktop poppler version 20↗2023-08-11

▶

📋Vendor Advisories

Ubuntu

poppler vulnerabilities↗2023-08-17

▶

Red Hat

poppler: Stack-Overflow in `FoFiType1C::cvtGlyph`↗2023-08-11

▶

Debian

CVE-2020-36023: poppler - An issue was discovered in freedesktop poppler version 20.12.1, allows remote at...↗2020

▶