CVE-2020-35702

Name of the Vulnerable Software and Affected Versions Poppler versions prior to 20.12.1

Description The issue is related to a heap-based buffer overflow in the DCTStream::getChars function in DCTStream.cc, which can be triggered by a crafted PDF document. This affects builds from Poppler git clones made in late December 2020. Several third-party Open Source projects that rely on these git clones are potentially impacted.

Recommendations For versions prior to 20.12.1, consider updating to a version that is not based on a git clone from late December 2020, as the official 20.12.1 release is not affected. As a temporary workaround, consider restricting the use of crafted PDF documents until a patch is available.