QwikSec

Security Database

CVE

CWE

Training

CVE-2022-38784

Published: Aug 30, 2022

Modified: Sep 17, 2024

PUBLISHED

Description

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/jeffssh/CVE-2021-30860

https://poppler.freedesktop.org/releases.html

https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52

[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0

mailing-list

vendor-advisory

FEDORA-2022-f7b375eae8

vendor-advisory

FEDORA-2022-51b27699ce

vendor-advisory

[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update

mailing-list

vendor-advisory

FEDORA-2022-f79aa2bae9

vendor-advisory

FEDORA-2022-fcb3b063a6

vendor-advisory

https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md

https://www.cve.org/CVERecord?id=CVE-2022-38171

FEDORA-2022-f8ec1c06a3

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.