Search for vulnerabilities
Vulnerability details: VCID-pjcg-14ye-xugt
Vulnerability ID VCID-pjcg-14ye-xugt
Aliases CVE-2020-18839
Summary Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-400 Uncontrolled Resource Consumption
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18839.json
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2020-18839
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://gitlab.freedesktop.org/poppler/poppler/issues/742
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-18839
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18839.json
https://api.first.org/data/v1/epss?cve=CVE-2020-18839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18839
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2234524 https://bugzilla.redhat.com/show_bug.cgi?id=2234524
742 https://gitlab.freedesktop.org/poppler/poppler/issues/742
cpe:2.3:a:freedesktop:poppler:0.75.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.75.0:*:*:*:*:*:*:*
CVE-2020-18839 https://nvd.nist.gov/vuln/detail/CVE-2020-18839
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18839.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:29:54Z/ Found at https://gitlab.freedesktop.org/poppler/poppler/issues/742
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-18839
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.40412
EPSS Score 0.00182
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:44:51.516401+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2020/18xxx/CVE-2020-18839.json 37.0.0