MidnightBSD

Advisories for unidocs

CVE-2020-7870 MEDIUM

A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
vuln@krcert.or.kr 6.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-787,

Products Affected

Vendor Product Version
unidocs ezpdf_editor *
unidocs ezpdf_reader *
CVE-2021-26605 HIGH

An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vuln@krcert.or.kr 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
unidocs ezpdfreader *