CVE-2020-35702 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Arbitrary code execution
Description	DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1382	poppler	20.12.1-1	21.01.0-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
04 Jan 2021	ASA-202101-3	AVG-1382	poppler	High	arbitrary code execution

References
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011 https://gitlab.freedesktop.org/poppler/poppler/uploads/8455cee26a313a3a0174a01e4ec80e33/poc https://gitlab.freedesktop.org/poppler/poppler/-/commit/ae614bf8ab42c9d0c7ac57ecdfdcbcfc4ff6c639

References

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011
https://gitlab.freedesktop.org/poppler/poppler/uploads/8455cee26a313a3a0174a01e4ec80e33/poc
https://gitlab.freedesktop.org/poppler/poppler/-/commit/ae614bf8ab42c9d0c7ac57ecdfdcbcfc4ff6c639