Vulnerability Details CVE-2020-9359
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.9%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 6.8
References
- https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
- https://kde.org/info/security/advisory-20200312-1.txt
- https://lists.debian.org/debian-lts-announce/2020/03/msg00033.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TY3O6UWX2XTP7PISPTZ6FYRDFU4UF66/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AW6GJ3AKGXOMTDHNZBMSXDTWNJJRFBDH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G3HL3F6JLCSRLPFZ47735F5STPJWDVR4/
- https://security.gentoo.org/glsa/202007-47
- https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
- https://kde.org/info/security/advisory-20200312-1.txt
- https://lists.debian.org/debian-lts-announce/2020/03/msg00033.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TY3O6UWX2XTP7PISPTZ6FYRDFU4UF66/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AW6GJ3AKGXOMTDHNZBMSXDTWNJJRFBDH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G3HL3F6JLCSRLPFZ47735F5STPJWDVR4/
- https://security.gentoo.org/glsa/202007-47
Products affected by CVE-2020-9359
-
cpe:2.3:a:kde:okular:*
-
cpe:2.3:a:kde:okular:1.8
-
cpe:2.3:a:kde:okular:1.9
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:fedoraproject:fedora:30
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32