CVE-2020-24999

There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029	Exploit Vendor Advisory
https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:xpdfreader:xpdf:4.0.2:*:*:*:*:*:*:*

History

21 Nov 2024, 05:16

Type	Values Removed	Values Added
References	~~() https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029 - Exploit, Vendor Advisory~~	() https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029 - Exploit, Vendor Advisory

Information

Published : 2020-09-03 23:15

Updated : 2024-11-21 05:16

NVD link : CVE-2020-24999

Mitre link : CVE-2020-24999

CVE.ORG link : CVE-2020-24999

JSON object : View

Products Affected

xpdfreader

xpdf

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2020-24999", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-09-03T23:15:09.807", "references": [{"url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact."}, {"lang": "es", "value": "Se presenta un acceso a la memoria no v\u00e1lido en la funci\u00f3n fprintf ubicada en el archivo Error.cc en Xpdf versi\u00f3n 4.0.2. Puede ser activada mediante el env\u00edo de un archivo PDF dise\u00f1ado, hacia el binario pdftohtml, que permite a un atacante remoto causar una Denegaci\u00f3n de Servicio o posiblemente tener otro impacto no especificado"}], "lastModified": "2024-11-21T05:16:25.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4A08C08-5321-4B5B-ACD5-7FA191DCF3E2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}