PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().
References
Link | Resource |
---|---|
https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397 | Patch Third Party Advisory |
https://github.com/enferex/pdfresurrect/issues/14 | Exploit Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/12/msg00002.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEEEPBBGER5LPABBRVZLMCC6Z24RBXW/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOIEVFM3SIMAEOFJKKMYH2TLZ7PXLSUD/ |
Configurations
History
01 Jan 2022, 18:10
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/12/msg00002.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEEEPBBGER5LPABBRVZLMCC6Z24RBXW/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOIEVFM3SIMAEOFJKKMYH2TLZ7PXLSUD/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
Information
Published : 2020-11-20 19:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-20740
Mitre link : CVE-2020-20740
CVE.ORG link : CVE-2020-20740
JSON object : View
Products Affected
pdfresurrect_project
- pdfresurrect
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-787
Out-of-bounds Write