Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:50
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
28 Oct 2022, 20:08
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLKN3HJKZSGEEKOF57DM7Q3IB74HP5VW/ - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md - Exploit, Third Party Advisory | |
References | (MISC) https://www.cve.org/CVERecord?id=CVE-2022-38171 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E5Z2677EQUWVHJLGSH5DQX53EK6MY2M2/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
20 Oct 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Oct 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
10 Oct 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Sep 2022, 19:51
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202209-21 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQAO6O2XHPQHNW2MWOCJJ4C3YWS2VV4K/ - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5224 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J546EJUKUOPWA3JSLP7DYNBAU3YGNCCW/ - Mailing List, Third Party Advisory | |
First Time |
Fedoraproject
Debian debian Linux Debian Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
29 Sep 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Sep 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Sep 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Sep 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Sep 2022, 21:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-190 | |
References |
|
|
References | (MISC) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38171 - Third Party Advisory | |
References | (CONFIRM) https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52 - Patch, Vendor Advisory | |
References | (MISC) https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6 - Patch, Third Party Advisory | |
References | (CONFIRM) https://poppler.freedesktop.org/releases.html - Release Notes, Vendor Advisory | |
References | (MISC) https://github.com/jeffssh/CVE-2021-30860 - Third Party Advisory | |
CPE | cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
Freedesktop
Freedesktop poppler |
30 Aug 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-30 03:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-38784
Mitre link : CVE-2022-38784
CVE.ORG link : CVE-2022-38784
JSON object : View
Products Affected
debian
- debian_linux
freedesktop
- poppler
fedoraproject
- fedora
CWE
CWE-190
Integer Overflow or Wraparound