CVE-2020-27778

HIGH

Freedesktop Poppler < 0.76.0 - Denial of Service

Title source: rule

Description

A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

References (2)

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1900712

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html

Scores

CVSS v3 7.5

EPSS 0.0028

EPSS Percentile 51.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-824

Status published

Products (3)

debian/debian_linux 10.0

freedesktop/poppler < 0.76.0

redhat/enterprise_linux 8.0

Published Dec 03, 2020

Tracked Since Feb 18, 2026