CVE-2020-7374

moderate-risk
Published 2020-08-12

Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.

Do I need to act?

!
44.1% chance of exploitation in next 30 days
EPSS score — higher than 56% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Affected Vendors

Documalis

References (2)

Exploit https://github.com/rapid7/metasploit-framework/pull/13517
Exploit https://github.com/rapid7/metasploit-framework/pull/13517
42
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 17/34 · Moderate
Exposure 7/34 · Low