{"id":"ALPINE-CVE-2020-35702","details":"DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects","modified":"2025-11-19T01:01:52.001883Z","published":"2020-12-25T02:15:12.900Z","upstream":["CVE-2020-35702"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2020-35702"}],"affected":[{"package":{"name":"poppler","ecosystem":"Alpine:v3.13","purl":"pkg:apk/alpine/poppler?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-35702.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}