Bug 2120439 (CVE-2022-38171) - CVE-2022-38171 xpdf: integer overflow
Summary: CVE-2022-38171 xpdf: integer overflow
Keywords:
Status: NEW
Alias: CVE-2022-38171
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2120440
Blocks:
Reported: 2022-08-23 00:44 UTC by Anten Skrabec
Modified: 2023-07-07 08:34 UTC

Fixed In Version: xpdf 4.04
Doc Type: ---
Doc Text:
In Xpdf prior to 4.04, processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Anten Skrabec 2022-08-23 00:44:42 UTC
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readSymbolDictSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

https://dl.xpdfreader.com/old/xpdf-4.04.tar.gz
http://www.xpdfreader.com/security-fixes.html
https://dl.xpdfreader.com/xpdf-4.04.tar.gz

Comment 1 Anten Skrabec 2022-08-23 00:44:53 UTC
Created xpdf tracking bugs for this issue:

Affects: epel-7 [bug 2120440]

