DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects.
References
| Link | Resource |
|---|---|
| https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011 | Exploit, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-25T01:02:58
Updated: 2020-12-28T08:36:57
Reserved: 2020-12-25T00:00:00
Link: CVE-2020-35702
NVD Information
Status: Modified
Published: 2020-12-25T02:15:12.900
Modified: 2024-05-17T01:48:24.987
Link: CVE-2020-35702
Redhat Information
No data.
CWE