Mageia 2022-0320: xpdf security update | LinuxSecurity.com
MGASA-2022-0320 - Updated xpdf packages fix security vulnerability

Publication date: 07 Sep 2022
URL: https://advisories.mageia.org/MGASA-2022-0320.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-24106,
     CVE-2022-24106,
     CVE-2022-38171

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the
'interleaved' flag to be changed after the first scan of the image,
leading to an unknown integer-related vulnerability in Stream.cc.
(CVE-2022-24106)

Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.
(CVE-2022-24107)

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2
decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a
specially crafted PDF file or JBIG2 image could lead to a crash or the
execution of arbitrary code. (CVE-2022-38171)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30804
- https://www.xpdfreader.com/security-fixes.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24106
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24106
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38171

SRPMS:
- 8/core/xpdf-4.04-1.mga8

Mageia 2022-0320: xpdf security update

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related...

Summary

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. (CVE-2022-24106)
Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. (CVE-2022-24107)
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. (CVE-2022-38171)

References

- https://bugs.mageia.org/show_bug.cgi?id=30804

- https://www.xpdfreader.com/security-fixes.html

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24106

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24106

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38171

Resolution

MGASA-2022-0320 - Updated xpdf packages fix security vulnerability

SRPMS

- 8/core/xpdf-4.04-1.mga8

Severity
Publication date: 07 Sep 2022
URL: https://advisories.mageia.org/MGASA-2022-0320.html
Type: security
CVE: CVE-2022-24106, CVE-2022-24106, CVE-2022-38171

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.