Candidate: CVE-2020-9359
PublicDate: 2020-03-24 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9359
 https://kde.org/info/security/advisory-20200312-1.txt
 https://sysdream.com/news/lab/2020-03-24-cve-2020-9359-okular-command-execution/ (PoC)
 https://lists.debian.org/debian-lts-announce/2020/03/msg00033.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TY3O6UWX2XTP7PISPTZ6FYRDFU4UF66/
Description:
 KDE Okular before 1.10.0 allows code execution via an action link in a PDF
 document.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954891
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L [5.3 MEDIUM]

Patches_okular:
 upstream: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
upstream_okular: released (4:19.12.3-2)
precise/esm_okular: DNE
trusty_okular: ignored (out of standard support)
trusty/esm_okular: DNE
xenial_okular: ignored (end of standard support, was needed)
bionic_okular: needed
eoan_okular: ignored (reached end-of-life)
focal_okular: not-affected (4:19.12.3-2ubuntu1)
groovy_okular: not-affected (4:19.12.3-2ubuntu1)
hirsute_okular: not-affected (4:19.12.3-2ubuntu1)
impish_okular: not-affected (4:19.12.3-2ubuntu1)
jammy_okular: not-affected (4:19.12.3-2ubuntu1)
devel_okular: not-affected (4:19.12.3-2ubuntu1)