CVE-2020-22336

Name: CVE-2020-22336
Description: An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-3517-1

Vulnerable and fixed packages

The table below lists information on source packages.

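| Source Package | Release | Version | Status |
|---|---|---|---|
| pdfcrack (PTS) | buster | 0.16-3 | vulnerable |
| pdfcrack | buster (security) | 0.16-3+deb10u1 | fixed |
| pdfcrack | bullseye | 0.19-2 | fixed |
| pdfcrack | sid, trixie, bookworm | 0.20-1 | fixed |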

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| pdfcrack | source | buster | 0.16-3+deb10u1 | | DLA-3517-1 | |
| pdfcrack | source | (unstable) | 0.19-1 | | | |

Notes

https://sourceforge.net/p/pdfcrack/bugs/12/
