PT-2020-5740 · Kde+3 · Okular+3

Mickael Karatekin · Published 2020-03-12 · Updated 2024-06-15 · CVE-2020-9359

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: KDE Okular versions prior to 1.10.0
Description: The issue is related to insufficient input validation in the Okular PDF viewer software, which can be exploited by a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service. The vulnerability can be triggered via an action link in a PDF document, potentially allowing code execution.
Recommendations: For KDE Okular versions prior to 1.10.0, update to version 1.10.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of action links in PDF documents until the update is applied. Restrict access to sensitive data and monitor for any signs of unauthorized access or service disruption.

Fix

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2020-1465
ALT-PU-2020-1519
BDU:2021-01695
CESA-2020_4024
CVE-2020-9359
DLA-2159-1
DLA-2856-1
MGASA-2020-0145
OPENSUSE-SU-2024:11110-1
RHSA-2020:4024
RHSA-2020_4024

Affected Products

ALT Linux
CentOS
Okular
Red Hat