{"id":"CVE-2020-20740","details":"PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().","modified":"2026-03-20T11:34:43.347342Z","published":"2020-11-20T19:15:11.803Z","related":["MGASA-2020-0449"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOIEVFM3SIMAEOFJKKMYH2TLZ7PXLSUD/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEEEPBBGER5LPABBRVZLMCC6Z24RBXW/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00002.html"},{"type":"REPORT","url":"https://github.com/enferex/pdfresurrect/issues/14"},{"type":"FIX","url":"https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/enferex/pdfresurrect","events":[{"introduced":"0"},{"fixed":"8d3c49233e4a70afd41a81c41209148af3dd0316"},{"fixed":"1b422459f07353adce2878806d5247d9e91fb397"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.20"}]}}],"versions":["v0.12","v0.13","v0.14","v0.15","v0.16","v0.17","v0.18","v0.19"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-20740.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]}],"vanir_signatures":[{"id":"CVE-2020-20740-5e0d8d3f","signature_type":"Line","deprecated":false,"target":{"file":"pdf.c"},"digest":{"threshold":0.9,"line_hashes":["62266750159890744348006957337408788746","169195486734458732263106163246851784474","153284992694108738737662845685979024342","56903497598125699159788243737290767559","77394035873851145772430697057605955968","35693386764973465030921666185768141793","282920137446285017441151096011442854157","321748552386024178567483816130139264730","72465639165843818648789851186588369287","184660810464958331862803195382228611509","271499173869166170498296605165084952622","237757158540245183057252936505937644163","64962517243295116239891511581128997676","98078392315662333278268181732229513471","50640456399914394826044555888067682661","303887941082232755509845151854448062642","211925282051974405174596615183286013494"]},"source":"https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397","signature_version":"v1"},{"id":"CVE-2020-20740-c7c6c892","signature_type":"Function","deprecated":false,"target":{"function":"pdf_get_version","file":"pdf.c"},"digest":{"length":353,"function_hash":"7694318883069593882664429430910905849"},"source":"https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397","signature_version":"v1"},{"id":"CVE-2020-20740-f0635895","signature_type":"Function","deprecated":false,"target":{"function":"pdf_is_pdf","file":"pdf.c"},"digest":{"length":187,"function_hash":"181394584310099238219538178524145636982"},"source":"https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397","signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}