CVE-2020-7374 — MEDIUM (5.3)

Vulnerability Description

Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Documalis	Free Pdf Editor	5.7.2.26
Documalis	Free Pdf Scanner	5.7.2.122

Related Weaknesses (CWE)

CWE-120

References

https://github.com/rapid7/metasploit-framework/pull/13517ExploitIssue TrackingPatch
https://github.com/rapid7/metasploit-framework/pull/13517ExploitIssue TrackingPatch

FAQ

What is CVE-2020-7374?

CVE-2020-7374 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this...

How severe is CVE-2020-7374?

CVE-2020-7374 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7374?

Check the references section above for vendor advisories and patch information. Affected products include: Documalis Free Pdf Editor, Documalis Free Pdf Scanner.