HIGH✓ PATCH🇬🇧 English

CVE-2022-38171

CVSS 7.8v3.1pub. 2022-08-22upd. 2024-11-21

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Freedesktop Poppler

    APP
    Freedesktop
    < 22.09.0
  • Xpdfreader Xpdf

    APP
    Xpdfreader
    4.04
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2019-9631CRITICAL9.8ten sam produkt

Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

CVE-2021-30860HIGH7.8⚠ KEVten sam produkt

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-...

CVE-2024-6239HIGH7.5ten sam produkt

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo ...

CVE-2020-23804HIGH7.5ten sam produkt

Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of ...

CVE-2021-36493HIGH7.5ten sam produkt

Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted ...