CVE-2020-18750

7.8 HIGH

📋 TL;DR

CVE-2020-18750 is a buffer overflow vulnerability in pdf2json version 0.69 that allows local users to execute arbitrary code by converting a malicious PDF file. This affects systems where pdf2json is installed and users can process untrusted PDF files. The vulnerability requires local access to trigger the exploit.

💻 Affected Systems

Products:
  • pdf2json
Versions: Version 0.69 specifically
Operating Systems: All operating systems where pdf2json is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where pdf2json is installed and users can process PDF files. The vulnerability is triggered during PDF conversion.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with arbitrary code execution as the user running pdf2json, potentially leading to privilege escalation or lateral movement.

🟠 Likely Case

Local privilege escalation or arbitrary code execution within the context of the user running the vulnerable pdf2json process.

🟢 If Mitigated

No impact if proper access controls prevent local users from executing pdf2json with untrusted PDF files.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring user interaction with PDF files, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users with access to run pdf2json on untrusted PDFs could exploit this for privilege escalation or code execution.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local access and ability to run pdf2json with a crafted PDF file. The buffer overflow is straightforward to trigger with proper knowledge of the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 80bf71f16c804108fd933e267fe31692aaa509b4

Vendor Advisory: https://github.com/flexpaper/pdf2json/commit/80bf71f16c804108fd933e267fe31692aaa509b4

Restart Required: No

Instructions:

1. Update pdf2json to a version that includes commit 80bf71f16c804108fd933e267fe31692aaa509b4.
2. If using source, pull the latest from the GitHub repository.
3. Recompile if using a compiled version.

🔧 Temporary Workarounds

Restrict pdf2json execution (Linux)

Limit which users can execute pdf2json to prevent untrusted users from triggering the vulnerability

chmod 750 /usr/local/bin/pdf2json
setfacl -m u:trusteduser:rx /usr/local/bin/pdf2json

Sandbox pdf2json execution (all platforms)

Run pdf2json in a container or sandboxed environment to limit impact if exploited

docker run --rm -v "$(pwd)":/data -w /data pdf2json pdf2json -f input.pdf -o output.json

🧯 If You Can't Patch

  • Restrict access to pdf2json binary to only trusted users
  • Implement strict input validation for PDF files before processing with pdf2json

🔍 How to Verify

Check if Vulnerable:

Check if pdf2json version is 0.69: pdf2json --version or check installed package version

Check Version:

pdf2json --version 2>/dev/null || dpkg -l | grep pdf2json || rpm -qa | grep pdf2json

Verify Fix Applied:

Verify that the installed build includes commit 80bf71f16c804108fd933e267fe31692aaa509b4 or that the version is newer than 0.69

📡 Detection & Monitoring

Log Indicators:

  • Multiple pdf2json process crashes
  • Unusual PDF file processing patterns
  • Suspicious command execution following pdf2json runs

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

process_name="pdf2json" AND (event_type="process_crash" OR (cmdline="*pdf2json*" AND cmdline="*.pdf*"))
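
The log indicators above, turned into a check over process events, as an added example that is not part of the original advisory. The JSON-lines schema (ts, host, event_type, process_name, parent_name), the thresholds, the rule that any child process of pdf2json is worth review, and the sample events are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are an assumed schema,
# not the output format of any particular EDR or SIEM product.
SAMPLE_EVENTS = """\
{"ts":"2024-05-01T10:00:05","host":"ws-01","event_type":"process_crash","process_name":"pdf2json"}
{"ts":"2024-05-01T10:02:10","host":"ws-01","event_type":"process_crash","process_name":"pdf2json"}
{"ts":"2024-05-01T10:04:30","host":"ws-01","event_type":"process_crash","process_name":"pdf2json"}
{"ts":"2024-05-01T09:00:00","host":"ws-02","event_type":"process_crash","process_name":"pdf2json"}
{"ts":"2024-05-01T11:00:00","host":"ws-02","event_type":"process_crash","process_name":"pdf2json"}
{"ts":"2024-05-01T11:00:01","host":"ws-02","event_type":"process_start","process_name":"pdf2json","parent_name":"bash"}
{"ts":"2024-05-01T12:30:00","host":"ws-03","event_type":"process_start","process_name":"sh","parent_name":"pdf2json"}
truncated-record-that-is-not-json
"""


def detect(lines, crash_threshold=3, window=timedelta(minutes=10)):
    """Return (hosts with clustered pdf2json crashes, children spawned by pdf2json)."""
    crashes = defaultdict(list)
    spawned = []
    for line in lines:
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            ts = datetime.fromisoformat(ev["ts"])
            host = ev["host"]
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records instead of aborting the run
        kind = ev.get("event_type")
        if kind == "process_crash" and ev.get("process_name") == "pdf2json":
            crashes[host].append(ts)
        elif kind == "process_start" and ev.get("parent_name") == "pdf2json":
            # Assumption: a PDF converter has no reason to start other programs.
            spawned.append((host, ev.get("process_name")))
    clustered = set()
    for host, times in crashes.items():
        times.sort()
        # Sliding window: crash_threshold crashes falling inside one window.
        for i in range(len(times) - crash_threshold + 1):
            if times[i + crash_threshold - 1] - times[i] <= window:
                clustered.add(host)
                break
    return sorted(clustered), spawned


if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS.splitlines()))
```
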
