Code Execution Vulnerability in KDE Okular PDF Viewer
CVE-2020-9359

5.3MEDIUM

Key Information:

Vendor

Kde

Status
Okular
Vendor
CVE Published:
24 March 2020

What is CVE-2020-9359?

The vulnerability in KDE Okular allows malicious actors to execute arbitrary code through specially crafted action links in PDF documents. Users of Okular versions prior to 1.10.0 are at risk if they open such documents. This exploitation can lead to unauthorized access to sensitive data or further system compromise. It is crucial for users to update their software to the latest version to mitigate potential threats associated with this vulnerability.

References

https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://invent.kde.org/kde/okular/-/commit/6a93a033b4f924...
x_refsource_CONFIRM
https://kde.org/info/security/advisory-20200312-1.txt
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.