CVE-2020-20740

Type: 

Out-of-bounds Write

Severity: 

Medium

Publication date: 

11/20/2020

Last modified: 

12/04/2020

Description

PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().

Impact

Access Vector: Through network

Access Complexity: Media

Authentication: Not required to exploit

Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability

Vulnerable software and versions

• cpe:2.3:a:pdfresurrect_project:pdfresurrect:*:*:*:*:*:*:*:*

To consult the complete list of products and versions see this page

References to Advisories, Solutions, and Tools

• https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397 (Source: MISC)
• https://github.com/enferex/pdfresurrect/issues/14 (Source: MISC)
• [debian-lts-announce] 20201201 [SECURITY] [DLA 2475-1] pdfresurrect security update (Source: MLIST)
• FEDORA-2020-e9f9bb77a0 (Source: FEDORA)
• FEDORA-2020-92195be0e2 (Source: FEDORA)

Explanation of fields