Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.
References
Link | Resource |
---|---|
https://github.com/rapid7/metasploit-framework/pull/13517 | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-08-12 11:15
Updated : 2020-08-19 06:07
NVD link : CVE-2020-7374
Mitre link : CVE-2020-7374
JSON object : View
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Products Affected
documalis
- free_pdf_scanner
- free_pdf_editor