CVE-2020-9359 — Incomplete List of Disallowed Inputs in Okular

CWE-184 — Incomplete List of Disallowed Inputs CWE-20 — Improper Input Validation9 documents7 sources

Severity

5.3MEDIUMNVD

EPSS

2.6%

top 14.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Okular Debian Linux Fedoraproject Fedora

Timeline

PublishedMar 24

Latest updateMay 24

Description

KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

▶NVDkde/okular19.12.0 — 19.12.3+1

▶Debiankde/okular< 4:19.12.3-2+3

Also affects: Debian Linux 8.0, Fedora 30, 31, 32

Patches

Patch: invent.kde.org ↗Patch: invent.kde.org ↗

🔴Vulnerability Details

GHSA

GHSA-jmvc-hx3f-5mj7: KDE Okular before 1↗2022-05-24

▶

OSV

CVE-2020-9359: KDE Okular before 1↗2020-03-24

▶

CVEList

CVE-2020-9359: KDE Okular before 1↗2020-03-24

▶

📋Vendor Advisories

Red Hat

okular: local binary execution via specially crafted PDF files↗2020-03-12

▶

Debian

CVE-2020-9359: okular - KDE Okular before 1.10.0 allows code execution via an action link in a PDF docum...↗2020

▶

💬Community

Bugzilla

CVE-2020-9359 okular: local binary execution via specially crafted PDF files [epel-8]↗2020-03-20

▶

Bugzilla

CVE-2020-9359 okular: local binary execution via specially crafted PDF files [fedora-all]↗2020-03-20

▶

Bugzilla

CVE-2020-9359 okular: local binary execution via specially crafted PDF files↗2020-03-20

▶