PT-2020-6934 · Poppler+5

Published: 2020-12-21 · Updated: 2025-04-28 · CVE-2020-36023

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: poppler version 20.12.1

Description: The issue allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file that reaches the cvtGlyph function of the FoFiType1C component. The cause is a loop whose exit condition is unreachable (an infinite loop).

Recommendations: For poppler version 20.12.1, consider disabling the cvtGlyph function of the FoFiType1C component as a temporary workaround until a patch is available.

Exploit

Fix

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

BDU:2023-07624
CVE-2020-36023
DLA-3528-1
DLA-4141-1
MGASA-2023-0262
OPENSUSE-SU-2023_4187-1
OPENSUSE-SU-2023_4562-1
SUSE-SU-2023:4187-1
SUSE-SU-2023:4362-1
SUSE-SU-2023:4546-1
SUSE-SU-2023:4562-1
USN-6299-1

Affected Products

Astra Linux
Debian
Linuxmint
Suse
Ubuntu
Poppler