CVE Vulnerability

CVE-2020-7374

Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/rapid7/metasploit-framework/pull/13517 Exploit Issue Tracking
Configurations

Configuration 1

cpe:2.3:a:documalis:free_pdf_scanner:5.7.2.122:*:*:*:*:*:*:*
cpe:2.3:a:documalis:free_pdf_editor:5.7.2.26:*:*:*:*:*:*:*
Information

Published : 2020-08-12 06:15

Updated : 2020-08-19 01:07

NVD link : CVE-2020-7374

Mitre link : CVE-2020-7374

Products Affected
No products.
CWE
CWE-120