CVE-2020-9359

MEDIUM

KDE Okular <1.10.0 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-9359. PoCs published by tnpitsecurity.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2020-9359, a command execution vulnerability in Okular PDF reader due to improper handling of HyperLinks. It includes proof-of-concept examples and patch information.

Description

KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.

Exploits (1)

github WRITEUP 4 stars
by tnpitsecurity · poc
https://github.com/tnpitsecurity/CVEs/tree/master/CVE-2020-9359

The repository provides a detailed technical analysis of CVE-2020-9359, a command execution vulnerability in Okular PDF reader due to improper handling of HyperLinks. It includes proof-of-concept examples and patch information.

Classification
Writeup 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Okular < 1.10.0
No auth needed
Prerequisites: Victim interaction (clicking a hyperlink or enabling forms)
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (8)

Core 8
Core References
Mailing List, Third Party Advisory x_refsource_confirm
https://kde.org/info/security/advisory-20200312-1.txt
Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/03/msg00033.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202007-47
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/12/msg00019.html

Scores

CVSS v3 5.3
EPSS 0.0145
EPSS Percentile 70.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Details

Status published
Products (5)
debian/debian_linux 8.0
fedoraproject/fedora 30
fedoraproject/fedora 31
fedoraproject/fedora 32
kde/okular < 1.10.0
Published Mar 24, 2020
Tracked Since Feb 18, 2026