Candidate: CVE-2020-20740
PublicDate: 2020-11-20 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20740
 https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397 (v0.21)
 https://github.com/enferex/pdfresurrect/issues/14
 https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397
Description:
 PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_pdfresurrect:
 upstream: https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397
upstream_pdfresurrect: released (0.21)
precise/esm_pdfresurrect: DNE
trusty_pdfresurrect: ignored (out of standard support)
trusty/esm_pdfresurrect: DNE
xenial_pdfresurrect: ignored (end of standard support, was needed)
bionic_pdfresurrect: needed
focal_pdfresurrect: needed
groovy_pdfresurrect: not-affected (0.21-1)
hirsute_pdfresurrect: not-affected
impish_pdfresurrect: not-affected (0.22-1)
jammy_pdfresurrect: not-affected (0.22-2)
devel_pdfresurrect: not-affected (0.22-2)