There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

https://forum.xpdfreader.com/viewtopic.php?f=3&t=42320
https://www.cve.org/CVERecord?id=CVE-2022-38222
Created xpdf tracking bugs for this issue:

Affects: epel-all [bug 2130858]
Affects: fedora-all [bug 2130857]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.