What is CVE-2020-35702?

CVE-2020-35702 is a vulnerability in Poppler 20.12.1 that allows a crafted PDF document to cause a heap-based buffer overflow in the DCTStream::getChars function in DCTStream.cc.

How severe is CVE-2020-35702?

CVE-2020-35702 has a severity rating of 7.8 (high).

Which software versions are affected by CVE-2020-35702?

Poppler 20.12.1 is affected by CVE-2020-35702.

How can CVE-2020-35702 be exploited?

CVE-2020-35702 can be exploited by using a crafted PDF document.

Is there a fix available for CVE-2020-35702?

The fix for CVE-2020-35702 is available in later builds of Poppler git clones from late December 2020.

Vulnerability/
CVE-2020-35702

high

7.8

CWE

787 119

25/12/2020

4/8/2024

CVE-2020-35702: Buffer Overflow

First published: Fri Dec 25 2020(Updated: )

** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Poppler Utilities	=20.12.1

Never miss a vulnerability like this again

Reference Links

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011

Frequently Asked Questions

What is CVE-2020-35702?
CVE-2020-35702 is a vulnerability in Poppler 20.12.1 that allows a crafted PDF document to cause a heap-based buffer overflow in the DCTStream::getChars function in DCTStream.cc.
How severe is CVE-2020-35702?
CVE-2020-35702 has a severity rating of 7.8 (high).
Which software versions are affected by CVE-2020-35702?
Poppler 20.12.1 is affected by CVE-2020-35702.
How can CVE-2020-35702 be exploited?
CVE-2020-35702 can be exploited by using a crafted PDF document.
Is there a fix available for CVE-2020-35702?
The fix for CVE-2020-35702 is available in later builds of Poppler git clones from late December 2020.

agent/type
agent/severity
agent/weakness
agent/references
agent/author
agent/status
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/event
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/freedesktop
canonical/poppler utilities
version/poppler utilities/20.12.1
status/disputed

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.