{"id":"UBUNTU-CVE-2020-9359","details":"KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.","modified":"2025-10-24T04:48:20Z","published":"2020-03-24T14:15:00Z","upstream":["CVE-2020-9359"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-9359"},{"type":"REPORT","url":"https://kde.org/info/security/advisory-20200312-1.txt"},{"type":"REPORT","url":"https://sysdream.com/news/lab/2020-03-24-cve-2020-9359-okular-command-execution/"},{"type":"REPORT","url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00033.html"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TY3O6UWX2XTP7PISPTZ6FYRDFU4UF66/"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2020-9359"}],"affected":[{"package":{"name":"okular","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/okular@4:15.12.3-0ubuntu1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4:15.08.2-0ubuntu1","4:15.08.2-0ubuntu2","4:15.08.2-0ubuntu3","4:15.12.1-1ubuntu1","4:15.12.3-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"libokularcore7","binary_version":"4:15.12.3-0ubuntu1"},{"binary_name":"okular","binary_version":"4:15.12.3-0ubuntu1"},{"binary_name":"okular-dev","binary_version":"4:15.12.3-0ubuntu1"},{"binary_name":"okular-extra-backends","binary_version":"4:15.12.3-0ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-9359.json"}},{"package":{"name":"okular","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/okular@4:17.12.3-0ubuntu1+esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4:17.04.3-0ubuntu1","4:17.08.3-0ubuntu1","4:17.08.3-0ubuntu2","4:17.12.2-0ubuntu3","4:17.12.3-0ubuntu1","4:17.12.3-0ubuntu1+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"libokular5core8","binary_version":"4:17.12.3-0ubuntu1+esm1"},{"binary_name":"okular","binary_version":"4:17.12.3-0ubuntu1+esm1"},{"binary_name":"okular-dev","binary_version":"4:17.12.3-0ubuntu1+esm1"},{"binary_name":"okular-extra-backends","binary_version":"4:17.12.3-0ubuntu1+esm1"},{"binary_name":"okular-mobile","binary_version":"4:17.12.3-0ubuntu1+esm1"},{"binary_name":"qml-module-org-kde-okular","binary_version":"4:17.12.3-0ubuntu1+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-9359.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"type":"Ubuntu","score":"medium"}]}