CVE-2020-7374

Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.

CVSS v3 5.3 MEDIUM
CVSS v2.0 6.8 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/rapid7/metasploit-framework/pull/13517	Exploit Issue Tracking Patch Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/13517	Exploit Issue Tracking Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:documalis:free_pdf_editor:5.7.2.26:::::::*
	cpe:2.3:a:documalis:free_pdf_scanner:5.7.2.122:::::::*

History

21 Nov 2024, 05:37

Type	Values Removed	Values Added
CVSS	v2 : ~~6.8~~ v3 : ~~7.8~~	v2 : 6.8 v3 : 5.3
References	~~() https://github.com/rapid7/metasploit-framework/pull/13517 - Exploit, Issue Tracking, Patch, Third Party Advisory~~	() https://github.com/rapid7/metasploit-framework/pull/13517 - Exploit, Issue Tracking, Patch, Third Party Advisory

Information

Published : 2020-08-12 18:15

Updated : 2024-11-21 05:37

NVD link : CVE-2020-7374

Mitre link : CVE-2020-7374

CVE.ORG link : CVE-2020-7374

JSON object : View

Products Affected

documalis

free_pdf_scanner
free_pdf_editor

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2020-7374", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "cve@rapid7.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-08-12T18:15:18.013", "references": [{"url": "https://github.com/rapid7/metasploit-framework/pull/13517", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@rapid7.com"}, {"url": "https://github.com/rapid7/metasploit-framework/pull/13517", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-120"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software."}, {"lang": "es", "value": "Documalis Free PDF Editor versi\u00f3n 5.7.2.26 y Documalis Free PDF Scanner versi\u00f3n 5.7.2.122, no comprueban apropiadamente el contenido de las im\u00e1genes JPEG contenidas dentro de un PDF. Los atacantes pueden explotar esta vulnerabilidad para desencadenar un desbordamiento del b\u00fafer en la pila y conseguir una ejecuci\u00f3n de c\u00f3digo remota cuando el usuario ejecuta el software Documalis Free PDF Editor o Documalis Free PDF Scanner"}], "lastModified": "2024-11-21T05:37:07.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:documalis:free_pdf_editor:5.7.2.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FA9469B-1360-4EA1-B53C-E943309E8DF5"}, {"criteria": "cpe:2.3:a:documalis:free_pdf_scanner:5.7.2.122:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "348D13E5-554C-4903-BFA4-F955168142F8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@rapid7.com"}