CVE-2020-35376

7.5 HIGH

📋 TL;DR

CVE-2020-35376 is a stack-based buffer overflow vulnerability in Xpdf 4.02's Type 1C font parser. Attackers can craft malicious PDF files to cause denial of service or potentially execute arbitrary code. Anyone using Xpdf to process untrusted PDF files is affected.

💻 Affected Systems

Products:
  • Xpdf
Versions: 4.02 and earlier
Operating Systems: All platforms running Xpdf
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using Xpdf to parse PDF files with Type 1C fonts is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise if the attacker can control execution flow after the overflow.

🟠 Likely Case: Denial of service through application crash when processing malicious PDF files.

🟢 If Mitigated: Application crash with no further impact if exploit attempts fail or are contained.

🌐 Internet-Facing: MEDIUM - PDF processing services exposed to untrusted uploads could be targeted.
🏢 Internal Only: LOW - Requires user interaction to open malicious PDF files internally.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious PDF file that triggers the vulnerable font parsing code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Xpdf 4.03 and later

Vendor Advisory: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42066

Restart Required: No

Instructions:

1. Download Xpdf 4.03 or later from https://www.xpdfreader.com/download.html.
2. Replace the existing Xpdf installation with the new version.
3. Verify the installation with the 'pdftotext -v' command.

🔧 Temporary Workarounds

Workaround: Disable Type 1C font processing
Applies To: all
Description: Configure Xpdf to disable Type 1C font parsing if not required
Command: Not applicable - requires source code modification

🧯 If You Can't Patch

  • Restrict PDF file processing to trusted sources only
  • Implement sandboxing for PDF processing applications

🔍 How to Verify

Check if Vulnerable:

Run 'pdftotext -v' and check whether the reported version is 4.02 or earlier

Check Version:

pdftotext -v

Verify Fix Applied:

Run 'pdftotext -v' and confirm that the reported version is 4.03 or later
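The version check above, as an added example (not part of this advisory or of Xpdf itself): a POSIX sh function that classifies the 'pdftotext -v' banner against the 4.03 fix version. It assumes that Xpdf prints "pdftotext version X.Y" followed by a "Glyph & Cog" copyright line on stderr, and that a banner naming "The Poppler Developers" comes from Poppler's unrelated pdftotext, which this CVE does not cover.

```shell
#!/bin/sh
# Added example for CVE-2020-35376: classify an Xpdf "pdftotext -v" banner.
# Assumption (not stated on the page): Xpdf prints "pdftotext version X.Y" as its
# first line; Poppler's pdftotext prints a banner mentioning "The Poppler Developers".
FIXED_MAJOR=4
FIXED_MINOR=3

# classify_banner BANNER_TEXT
# Prints one of: vulnerable | fixed | not-xpdf | unknown
classify_banner() {
    banner="$1"
    case "$banner" in
        *Poppler*) echo "not-xpdf"; return 0 ;;   # different code base, not covered here
    esac
    # Extract "MAJOR MINOR" from the first "pdftotext version X.Y..." line.
    ver=$(printf '%s\n' "$banner" \
        | sed -n 's/^pdftotext version \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' \
        | head -n 1)
    if [ -z "$ver" ]; then
        echo "unknown"; return 0
    fi
    major=${ver% *}
    minor=${ver#* }
    # Fixed in 4.03 and later; anything below that is affected.
    if [ "$major" -gt "$FIXED_MAJOR" ] || \
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ]; }; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# check_installed: run the real binary if present (Xpdf writes the banner to stderr).
check_installed() {
    if command -v pdftotext >/dev/null 2>&1; then
        classify_banner "$(pdftotext -v 2>&1)"
    else
        echo "unknown"
    fi
}
```

Call check_installed on each host; any "vulnerable" result means the 4.03 upgrade from the Official Fix section still has to be applied there.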

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing PDF files
  • Memory access violation errors in logs

Network Indicators:

  • Unusual PDF file uploads to web services
  • Multiple failed PDF processing attempts

SIEM Query:

source="application.log" AND ("segmentation fault" OR "access violation") AND process="pdftotext"
