Search criteria
2 vulnerabilities found for Free PDF Scanner by Documalis
CVE-2020-7374 (GCVE-0-2020-7374)
Vulnerability from cvelistv5 – Published: 2020-08-12 17:25 – Updated: 2024-09-17 02:26
VLAI?
Title
Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow
Summary
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.
Severity ?
5.3 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Documalis | Free PDF Editor |
Affected:
5.7.2.26
|
|||||||
|
|||||||||
Credits
This issue was discovered and reported by metacom27.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Free PDF Editor",
"vendor": "Documalis",
"versions": [
{
"status": "affected",
"version": "5.7.2.26"
}
]
},
{
"product": "Free PDF Scanner",
"vendor": "Documalis",
"versions": [
{
"status": "affected",
"version": "5.7.2.122"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported by metacom27."
}
],
"descriptions": [
{
"lang": "en",
"value": "Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-12T17:25:17",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "",
"ID": "CVE-2020-7374",
"STATE": "PUBLIC",
"TITLE": "Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Free PDF Editor",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "5.7.2.26",
"version_value": "5.7.2.26"
}
]
}
},
{
"product_name": "Free PDF Scanner",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "5.7.2.122",
"version_value": "5.7.2.122"
}
]
}
}
]
},
"vendor_name": "Documalis"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported by metacom27."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/13517",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7374",
"datePublished": "2020-08-12T17:25:17.985247Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T02:26:23.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7374 (GCVE-0-2020-7374)
Vulnerability from nvd – Published: 2020-08-12 17:25 – Updated: 2024-09-17 02:26
VLAI?
Title
Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow
Summary
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.
Severity ?
5.3 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Documalis | Free PDF Editor |
Affected:
5.7.2.26
|
|||||||
|
|||||||||
Credits
This issue was discovered and reported by metacom27.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Free PDF Editor",
"vendor": "Documalis",
"versions": [
{
"status": "affected",
"version": "5.7.2.26"
}
]
},
{
"product": "Free PDF Scanner",
"vendor": "Documalis",
"versions": [
{
"status": "affected",
"version": "5.7.2.122"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported by metacom27."
}
],
"descriptions": [
{
"lang": "en",
"value": "Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-12T17:25:17",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "",
"ID": "CVE-2020-7374",
"STATE": "PUBLIC",
"TITLE": "Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Free PDF Editor",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "5.7.2.26",
"version_value": "5.7.2.26"
}
]
}
},
{
"product_name": "Free PDF Scanner",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "5.7.2.122",
"version_value": "5.7.2.122"
}
]
}
}
]
},
"vendor_name": "Documalis"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported by metacom27."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/13517",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7374",
"datePublished": "2020-08-12T17:25:17.985247Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T02:26:23.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}