CVE-2022-24106
Published: 30 August 2022
In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.
Notes
Author | Note |
---|---|
rodrigo-zaiden | Debian xpdf is slightly different from upstream xpdf, and does not include the Stream.cc file. texlive-bin includes xpdf files. emscripten includes xpdf in the tests and could be ignored. |
Priority
Status
Package | Release | Status |
---|---|---|
emscripten | kinetic | Ignored (end of life, was needs-triage) |
emscripten | lunar | Needs triage |
emscripten | xenial | Needs triage |
emscripten | trusty | Ignored (end of standard support) |
emscripten | bionic | Needs triage |
emscripten | focal | Does not exist |
emscripten | jammy | Needs triage |
emscripten | upstream | Needs triage |
ipe | kinetic | Ignored (end of life, was needs-triage) |
ipe | lunar | Needs triage |
ipe | trusty | Does not exist |
ipe | bionic | Needs triage |
ipe | focal | Needs triage |
ipe | jammy | Needs triage |
ipe | upstream | Needs triage |
ipe | xenial | Needs triage |
texlive-bin | kinetic | Ignored (end of life, was needs-triage) |
texlive-bin | lunar | Needs triage |
texlive-bin | trusty | Ignored (end of standard support) |
texlive-bin | xenial | Needs triage |
texlive-bin | bionic | Needs triage |
texlive-bin | focal | Needs triage |
texlive-bin | jammy | Needs triage |
texlive-bin | upstream | Needs triage |
xpdf | lunar | Not vulnerable (code not present) |
xpdf | trusty | Does not exist |
xpdf | bionic | Not vulnerable (code not present) |
xpdf | focal | Does not exist |
xpdf | jammy | Not vulnerable (code not present) |
xpdf | upstream | Needs triage |
xpdf | xenial | Needs triage |
xpdf | kinetic | Not vulnerable (code not present) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |