Your submission was sent successfully! Close

CVE-2022-38171

Published: 22 August 2022

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
ipe
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support)
xpdf
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Does not exist

jammy Needs triage

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support)