Ubuntu.comUB:CVE-2020-25725CVE-2020-25725
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
36.0%
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state)
SplashOutputDev.cc:3079 is trying to use the freed t3GlyphStack->cache,
which causes an heap-use-after-free problem. The codes of a previous fix
for nested Type 3 characters wasn’t correctly handling the case where a
Type 3 char referred to another char in the same Type 3 font.
Bugs
- <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25725>
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=41915
Notes
| Author | Note |
|---|---|
| jdstrand | xpdf in koffice is 2.0 |
| mdeslaur | no indication this also affects poppler, marking as not-affected |
| ebarretto | xpdf in Debian uses poppler, which is not affected or fixed |
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
36.0%