Search criteria
3 vulnerabilities found for free_pdf_scanner by documalis
FKIE_CVE-2020-7374
Vulnerability from fkie_nvd - Published: 2020-08-12 18:15 - Updated: 2024-11-21 05:37
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.
References
| URL | Tags | ||
|---|---|---|---|
| cve@rapid7.com | https://github.com/rapid7/metasploit-framework/pull/13517 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rapid7/metasploit-framework/pull/13517 | Exploit, Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| documalis | free_pdf_editor | 5.7.2.26 | |
| documalis | free_pdf_scanner | 5.7.2.122 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:documalis:free_pdf_editor:5.7.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA9469B-1360-4EA1-B53C-E943309E8DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:documalis:free_pdf_scanner:5.7.2.122:*:*:*:*:*:*:*",
"matchCriteriaId": "348D13E5-554C-4903-BFA4-F955168142F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software."
},
{
"lang": "es",
"value": "Documalis Free PDF Editor versi\u00f3n 5.7.2.26 y Documalis Free PDF Scanner versi\u00f3n 5.7.2.122, no comprueban apropiadamente el contenido de las im\u00e1genes JPEG contenidas dentro de un PDF. Los atacantes pueden explotar esta vulnerabilidad para desencadenar un desbordamiento del b\u00fafer en la pila y conseguir una ejecuci\u00f3n de c\u00f3digo remota cuando el usuario ejecuta el software Documalis Free PDF Editor o Documalis Free PDF Scanner"
}
],
"id": "CVE-2020-7374",
"lastModified": "2024-11-21T05:37:07.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-12T18:15:18.013",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-7374 (GCVE-0-2020-7374)
Vulnerability from cvelistv5 – Published: 2020-08-12 17:25 – Updated: 2024-09-17 02:26
VLAI?
Title
Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow
Summary
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.
Severity ?
5.3 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Documalis | Free PDF Editor |
Affected:
5.7.2.26
|
|||||||
|
|||||||||
Credits
This issue was discovered and reported by metacom27.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Free PDF Editor",
"vendor": "Documalis",
"versions": [
{
"status": "affected",
"version": "5.7.2.26"
}
]
},
{
"product": "Free PDF Scanner",
"vendor": "Documalis",
"versions": [
{
"status": "affected",
"version": "5.7.2.122"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported by metacom27."
}
],
"descriptions": [
{
"lang": "en",
"value": "Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-12T17:25:17",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "",
"ID": "CVE-2020-7374",
"STATE": "PUBLIC",
"TITLE": "Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Free PDF Editor",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "5.7.2.26",
"version_value": "5.7.2.26"
}
]
}
},
{
"product_name": "Free PDF Scanner",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "5.7.2.122",
"version_value": "5.7.2.122"
}
]
}
}
]
},
"vendor_name": "Documalis"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported by metacom27."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/13517",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7374",
"datePublished": "2020-08-12T17:25:17.985247Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T02:26:23.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7374 (GCVE-0-2020-7374)
Vulnerability from nvd – Published: 2020-08-12 17:25 – Updated: 2024-09-17 02:26
VLAI?
Title
Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow
Summary
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.
Severity ?
5.3 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Documalis | Free PDF Editor |
Affected:
5.7.2.26
|
|||||||
|
|||||||||
Credits
This issue was discovered and reported by metacom27.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Free PDF Editor",
"vendor": "Documalis",
"versions": [
{
"status": "affected",
"version": "5.7.2.26"
}
]
},
{
"product": "Free PDF Scanner",
"vendor": "Documalis",
"versions": [
{
"status": "affected",
"version": "5.7.2.122"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported by metacom27."
}
],
"descriptions": [
{
"lang": "en",
"value": "Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-12T17:25:17",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "",
"ID": "CVE-2020-7374",
"STATE": "PUBLIC",
"TITLE": "Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Free PDF Editor",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "5.7.2.26",
"version_value": "5.7.2.26"
}
]
}
},
{
"product_name": "Free PDF Scanner",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "5.7.2.122",
"version_value": "5.7.2.122"
}
]
}
}
]
},
"vendor_name": "Documalis"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported by metacom27."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/13517",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/13517"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7374",
"datePublished": "2020-08-12T17:25:17.985247Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T02:26:23.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}