{"id":"CVE-2020-9359","details":"KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.","modified":"2026-04-16T04:38:32.831077734Z","published":"2020-03-24T14:15:13.577Z","related":["openSUSE-SU-2024:11110-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TY3O6UWX2XTP7PISPTZ6FYRDFU4UF66/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AW6GJ3AKGXOMTDHNZBMSXDTWNJJRFBDH/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G3HL3F6JLCSRLPFZ47735F5STPJWDVR4/"},{"type":"ADVISORY","url":"https://kde.org/info/security/advisory-20200312-1.txt"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00033.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00019.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202007-47"},{"type":"FIX","url":"https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kde/okular","events":[{"introduced":"f7f2b3105fbc59830c5153f59b63e1f6c6c5c6be"},{"fixed":"81c005710cdbb23f9ed9ebcc4aee4db69d33434d"}],"database_specific":{"versions":[{"introduced":"19.12.0"},{"fixed":"19.12.3"}]}}],"versions":["v19.12.0","v19.12.1","v19.12.2"],"database_specific":{"vanir_signatures":[{"id":"CVE-2020-9359-00a4aafa","signature_type":"Function","digest":{"length":727,"function_hash":"26823166276780174318208233458442789712"},"target":{"file":"core/page.cpp","function":"PagePrivate::imageRotationDone"},"signature_version":"v1","deprecated":false,"source":"https://github.com/kde/okular/commit/81c005710cdbb23f9ed9ebcc4aee4db69d33434d"},{"id":"CVE-2020-9359-5c9e0945","signature_type":"Line","source":"https://github.com/kde/okular/commit/81c005710cdbb23f9ed9ebcc4aee4db69d33434d","digest":{"threshold":0.9,"line_hashes":["103477504479933573462645002385604803675","174608747667283521650042549385698051925","336346411585471588962494241290132846721","106443721749238156279133402094561450340","152334232973350142638199216814253405009","260759493130988424377960062138205595341","130747372222879974200963138800771149558","25975057783018457561650396263621492751","146460686465375423733051567751044411027","49875568837799417773098985493878237559","210122222813725661431340495021618530640","9294599941181623443229732043776791921","101842513946858533376564493503601166395","3192522789925630668787452212783594524","236299577573811057078399850161616446577"]},"signature_version":"v1","deprecated":false,"target":{"file":"core/page.cpp"}},{"id":"CVE-2020-9359-7dcc545b","signature_type":"Function","source":"https://github.com/kde/okular/commit/81c005710cdbb23f9ed9ebcc4aee4db69d33434d","digest":{"length":679,"function_hash":"55452390609546155863547246059151910967"},"signature_version":"v1","deprecated":false,"target":{"file":"core/page.cpp","function":"Page::hasPixmap"}},{"id":"CVE-2020-9359-a744e7a5","signature_type":"Line","deprecated":false,"target":{"file":"core/page_p.h"},"source":"https://github.com/kde/okular/commit/81c005710cdbb23f9ed9ebcc4aee4db69d33434d","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["292196443006284438470786731231660970249","128579163328239113586340907204660594120","43136393125989925144730966015402196533","253142715234395562416841977251878011371"]}},{"id":"CVE-2020-9359-b15c9847","signature_type":"Function","deprecated":false,"target":{"file":"core/page.cpp","function":"PagePrivate::setPixmap"},"source":"https://github.com/kde/okular/commit/81c005710cdbb23f9ed9ebcc4aee4db69d33434d","signature_version":"v1","digest":{"length":914,"function_hash":"194474271673894041429572684263239600264"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]}],"vanir_signatures_modified":"2026-04-11T17:01:38Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-9359.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}]}