Heap-based Buffer Overflow in Poppler PDF Rendering Library
CVE-2020-35702

7.8 HIGH

Key Information:

Status
Vendor
CVE Published: 25 December 2020

What is CVE-2020-35702?

The Poppler PDF library is susceptible to a heap-based buffer overflow when processing a specially crafted PDF document. The vulnerability primarily affects builds made from Poppler git clones created in late December 2020. Subsequent updates have clarified that the official 20.12.1 release does not contain this flaw. However, the risk persists for third-party open source projects that depend on the affected Poppler versions. Users should review their dependencies to determine whether any of them rely on an affected Poppler version.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
