Mageia 8: MGASA-2022-0320 Critical: Xpdf Integer Overflow Threat
mageia
September 7, 2022
In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related...
Summary
In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the
'interleaved' flag to be changed after the first scan of the image,
leading to an unknown integer-related vulnerability in Stream.cc.
(CVE-2022-24106)
Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.
(CVE-2022-24107)
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2
decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a
specially crafted PDF file or JBIG2 image could lead to a crash or the
execution of arbitrary code. (CVE-2022-38171)
References
- https://bugs.mageia.org/show_bug.cgi?id=30804
- http://www.xpdfreader.com/security-fixes.html
- https://www.cve.org/CVERecord?id=CVE-2022-24106
- https://www.cve.org/CVERecord?id=CVE-2022-24106
- https://www.cve.org/CVERecord?id=CVE-2022-38171
Topics Covered
Resolution
SRPMS
- 8/core/xpdf-4.04-1.mga8
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 07 Sep 2022
URL: https://advisories.mageia.org/MGASA-2022-0320.html
Type: security
CVE: CVE-2022-24106,
CVE-2022-24106,
CVE-2022-38171
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!