CVE-2022-24106
Publication date 30 August 2022
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.
Status
Package | Ubuntu Release | Status |
---|---|---|
emscripten | 24.04 LTS noble |
Needs evaluation
|
22.04 LTS jammy |
Needs evaluation
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Needs evaluation
|
|
16.04 LTS xenial |
Needs evaluation
|
|
14.04 LTS trusty | Ignored end of standard support | |
ipe | 24.04 LTS noble |
Needs evaluation
|
22.04 LTS jammy |
Needs evaluation
|
|
20.04 LTS focal |
Needs evaluation
|
|
18.04 LTS bionic |
Needs evaluation
|
|
16.04 LTS xenial |
Needs evaluation
|
|
14.04 LTS trusty | Not in release | |
texlive-bin | 24.04 LTS noble |
Needs evaluation
|
22.04 LTS jammy |
Needs evaluation
|
|
20.04 LTS focal |
Needs evaluation
|
|
18.04 LTS bionic |
Needs evaluation
|
|
16.04 LTS xenial |
Needs evaluation
|
|
14.04 LTS trusty | Ignored end of standard support | |
xpdf | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Needs evaluation
|
|
14.04 LTS trusty | Not in release |
Notes
rodrigo-zaiden
debian xpdf is slightly different from upstream xpdf, and does not include Stream.cc file. texlive-bin includes xpdf files. emscripten includes xpdf in the tests and could be ignored.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 · High |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |