CVE-2020-9359 : KDE Okular before 1.10.0 allows code execution via an action link in a PDF docum

KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.

Published 2020-03-24 14:15:14

Updated 2022-04-12 18:41:30

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-9359

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
KDE » Okular
Versions before (<) 1.10.0
cpe:2.3:a:kde:okular:*:*:*:*:*:*:*:*
Matching versions
KDE » Okular
Versions from including (>=) 19.12.0 and before (<) 19.12.3
cpe:2.3:a:kde:okular:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-9359

EPSS FAQ

2.64%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-9359

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
5.3	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L	1.8	3.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

References for CVE-2020-9359

https://lists.debian.org/debian-lts-announce/2021/12/msg00019.html

[SECURITY] [DLA 2856-1] okular security update
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TY3O6UWX2XTP7PISPTZ6FYRDFU4UF66/

[SECURITY] Fedora 31 Update: okular-19.12.3-2.fc31 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW6GJ3AKGXOMTDHNZBMSXDTWNJJRFBDH/

[SECURITY] Fedora 32 Update: okular-19.12.3-2.fc32 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244

Document::processAction: If the url points to a binary, don't run it (6a93a033) · Commits · KDE / Okular · GitLab
Patch;Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00033.html

[SECURITY] [DLA 2159-1] okular security update
Third Party Advisory
https://kde.org/info/security/advisory-20200312-1.txt

Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3HL3F6JLCSRLPFZ47735F5STPJWDVR4/

[SECURITY] Fedora 30 Update: okular-19.12.3-2.fc30 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://security.gentoo.org/glsa/202007-47

Okular: Local restricted command execution (GLSA 202007-47) — Gentoo security
Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-9359

Products affected by CVE-2020-9359

Exploit prediction scoring system (EPSS) score for CVE-2020-9359

CVSS scores for CVE-2020-9359

References for CVE-2020-9359