CVE-2020-23804: 
NixOS vulnerability analysis and mitigation

Uncontrolled Recursion in pdfinfo and pdftops components of poppler version 0.89.0 was discovered, identified as CVE-2020-23804. The vulnerability was disclosed on August 22, 2023, affecting the PDF rendering library poppler. This security flaw allows remote attackers to cause a denial of service through specially crafted input (NVD).

The vulnerability is classified as an Uncontrolled Recursion issue (CWE-674) in the XRef::readXRefTable() function. The severity is rated as HIGH with a CVSS v3.1 base score of 7.5. The vulnerability has the following vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

When exploited, this vulnerability can lead to a denial of service condition through stack overflow in the XRef::readXRefTable() function. The impact primarily affects the availability of the system, with no direct impact on confidentiality or integrity (Ubuntu Security).

The vulnerability has been fixed in multiple distributions. Ubuntu has released patches for various versions: Ubuntu 20.04 LTS (0.86.1-0ubuntu1.4), Ubuntu 18.04 LTS (0.62.0-2ubuntu2.14+esm2), and Ubuntu 16.04 LTS (0.41.0-0ubuntu1.16+esm4). Debian has also addressed this in version 0.71.0-5+deb10u3 for Debian 10 Buster (Debian Security, Ubuntu Security).