CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 5.3 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

EPSS: 0.003 Low
Percentile: 69.0%

Severity: Low
Date : 2020-03-13
CVE-ID : CVE-2020-9359
Package : okular
Type : arbitrary command execution
Remote : Yes
Link : https://security.archlinux.org/AVG-1113
The package okular before version 19.12.3-3 is vulnerable to arbitrary
command execution.
Upgrade to 19.12.3-3.
The problem has been fixed upstream but no release is available yet.
Workaround : None.
A security issue has been found in Okular before 1.10.0: it can be
tricked into executing local binaries via specially crafted PDF files.
This binary execution can require almost no user interaction. No
parameters can be passed to those local binaries.
A remote attacker can execute an arbitrary command by tricking a local
user into opening a specially crafted PDF document.
https://kde.org/info/security/advisory-20200312-1.txt
https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
https://security.archlinux.org/CVE-2020-9359