PT-2023-5943 · Poppler+10

Published 2023-08-11 · Updated 2025-11-07 · CVE-2020-36024

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

poppler version 20.12.1

Description

The FoFiType1C::convertToType1 function in the poppler library for rendering PDF files is subject to uncontrolled recursion, which attackers can exploit to cause a denial of service (DoS) via a crafted .pdf file.

Recommendations

For poppler version 20.12.1, consider disabling the FoFiType1C::convertToType1 function as a temporary workaround until a patch is available.

Exploit

Fix

DoS

NULL Pointer Dereference

Improper Resource Release

Weakness Enumeration

Related Identifiers

ALSA-2024:2979
ALT-PU-2025-9424
BDU:2023-06640
CESA-2024_2979
CVE-2020-36024
DLA-3528-1
DLA-4141-1
INFSA-2024_2979
MGASA-2023-0262
OESA-2025-2620
OESA-2025-2621
OESA-2025-2622
OPENSUSE-SU-2023_3983-1
OPENSUSE-SU-2023_3998-1
RHSA-2024:2979
RHSA-2024_2979
SUSE-SU-2023:3981-1
SUSE-SU-2023:3982-1
SUSE-SU-2023:3983-1
SUSE-SU-2023:3998-1
USN-6299-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu
Poppler