Vulnerabilities > CVE-2020-35702 - Out-of-bounds Write vulnerability in Freedesktop Poppler 20.12.1

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

freedesktop

CWE-787

NVD

Published: 2020-12-25

Updated: 2024-04-11

Summary

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects

Vulnerable Configurations

Part	Description	Count
Application	Freedesktop Freedesktop Poppler 20.12.1	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011