{"containers": {"cna": {"affected": [{"product": "Free PDF Editor", "vendor": "Documalis", "versions": [{"status": "affected", "version": "5.7.2.26"}]}, {"product": "Free PDF Scanner", "vendor": "Documalis", "versions": [{"status": "affected", "version": "5.7.2.122"}]}], "credits": [{"lang": "en", "value": "This issue was discovered and reported by metacom27."}], "descriptions": [{"lang": "en", "value": "Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-12T17:25:17", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/rapid7/metasploit-framework/pull/13517"}], "source": {"discovery": "EXTERNAL"}, "title": "Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "", "ID": "CVE-2020-7374", "STATE": "PUBLIC", "TITLE": "Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Free PDF Editor", "version": {"version_data": [{"platform": "", "version_affected": "=", "version_name": "5.7.2.26", "version_value": "5.7.2.26"}]}}, {"product_name": "Free PDF Scanner", "version": {"version_data": [{"platform": "", "version_affected": "=", "version_name": "5.7.2.122", "version_value": "5.7.2.122"}]}}]}, "vendor_name": "Documalis"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "This issue was discovered and reported by metacom27."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120 Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://github.com/rapid7/metasploit-framework/pull/13517", "refsource": "MISC", "url": "https://github.com/rapid7/metasploit-framework/pull/13517"}]}, "solution": [], "source": {"advisory": "", "defect": [], "discovery": "EXTERNAL"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:25:49.076Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rapid7/metasploit-framework/pull/13517"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2020-7374", "datePublished": "2020-08-12T17:25:17.985247Z", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-09-17T02:26:23.622Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:documalis:free_pdf_editor:5.7.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "5FA9469B-1360-4EA1-B53C-E943309E8DF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:documalis:free_pdf_scanner:5.7.2.122:*:*:*:*:*:*:*", "matchCriteriaId": "348D13E5-554C-4903-BFA4-F955168142F8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software."}, {"lang": "es", "value": "Documalis Free PDF Editor versi\u00f3n 5.7.2.26 y Documalis Free PDF Scanner versi\u00f3n 5.7.2.122, no comprueban apropiadamente el contenido de las im\u00e1genes JPEG contenidas dentro de un PDF. Los atacantes pueden explotar esta vulnerabilidad para desencadenar un desbordamiento del b\u00fafer en la pila y conseguir una ejecuci\u00f3n de c\u00f3digo remota cuando el usuario ejecuta el software Documalis Free PDF Editor o Documalis Free PDF Scanner"}], "id": "CVE-2020-7374", "lastModified": "2024-11-21T05:37:07.800", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cve@rapid7.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-12T18:15:18.013", "references": [{"source": "cve@rapid7.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/rapid7/metasploit-framework/pull/13517"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/rapid7/metasploit-framework/pull/13517"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "cve@rapid7.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}