CVE-2022-38784

Published: 30/08/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

A logic error in the Hints::Hints function of Poppler v22.03.0 allows malicious users to cause a Denial of Service (DoS) via a crafted PDF file. (CVE-2022-27337)

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. (CVE-2022-38784)

Vulnerable Product

freedesktop poppler

debian debian linux 10.0

debian debian linux 11.0

fedoraproject fedora 35

fedoraproject fedora 36

fedoraproject fedora 37

Vendor Advisories

Debian Bug report logs - #1018971 poppler: CVE-2022-38784. Package: src:poppler; Maintainer for src:poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 2 Sep 2022 20:09:01 UTC; Severity: grave; Tags: securi ...
Synopsis: Moderate: poppler security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for poppler is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as ...
Synopsis: Moderate: poppler security update. Type/Severity: Security Advisory: Moderate. Topic: An update for poppler is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a se ...
Two vulnerabilities were discovered in poppler, a PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file or JBIG2 image is processed. For the stable distribution (bullseye), these problems have been fixed in version 20.09.0-3.1+deb11u1. We recommend that you upgrade your poppler pac ...
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. (CVE-2022-27337) Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 ima ...
An integer overflow issue was discovered in Poppler's JBIG2 decoder in the JBIG2Stream::readTextRegionSeg() function in the JBIGStream.cc file. This flaw allows an attacker to trick a user into opening a malformed PDF file or JBIG2 image in the application, triggering an integer overflow, which could result in a crash or may lead to the execution of ar ...
Severity: Unknown. Remote: Unknown. Type: Unknown. Description: AVG-2812 poppler, poppler-glib, poppler-qt5, poppler-qt6 22.08.0-1 22.08.0-2 Unknown Unknown www.openwall.com/lists/oss ...