CVE-2022-38171

Published: 22/08/2022 Updated: 27/10/2022
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

Vulnerable Product

xpdfreader xpdf 4.04

freedesktop poppler

Vendor Advisories

Debian Bug report logs - #1018971 poppler: CVE-2022-38784 Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 2 Sep 2022 20:09:01 UTC Severity: grave Tags: securi ...

Severity: Unknown; Remote: Unknown; Type: Unknown; Description: AVG-2813 xpdf 4.03-1 4.04-1 Unknown Fixed www.openwall.com/lists/oss-security/2022/09/02/11 ...

Github Repositories

quasi-fork of Xpdf

www.xpdfreader.com/download.html www.xpdfreader.com/old-versions.html gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6 For example, here is the fix for CVE-2022-38171