
Mageia 9 MGASA-2024-0035 Important: Xpdf Memory Access Threats

February 10, 2024
Newly released xpdf updates for Mageia resolve various security vulnerabilities, including improper memory access and potential integer overflows.

Summary

The updated packages fix security vulnerabilities:

- Logic bug in text extractor led to invalid memory access. (CVE-2022-30524)

- Integer overflow in rasterizer. (CVE-2022-30775)

- PDF object loop in Catalog::countPageTree. (CVE-2022-33108)

- PDF object loop in AcroForm::scanField. (CVE-2022-36561)

- Logic bug in JBIG2 decoder. (CVE-2022-38222)

- PDF object loop in Catalog::countPageTree. (CVE-2022-38334)

- Missing bounds check in CFF font converter caused null pointer dereference. (CVE-2022-38928)

- PDF object loop in Catalog::countPageTree. (CVE-2022-41842)

- Missing bounds check in CFF font parser caused invalid memory access. (CVE-2022-41843)

- PDF object loop in AcroForm::scanField. (CVE-2022-41844)

- PDF object loop in Catalog::readPageLabelTree2. (CVE-2022-43071)

- PDF object loop in Catalog::countPageTree. (CVE-2022-43295)

- PDF object loop in Catalog::countPageTree. (CVE-2022-45586)

- PDF object loop in Catalog::countPageTree. (CVE-2022-45587)

- Divide-by-zero in Xpdf 4.04 due to bad color space object....

References

- https://bugs.mageia.org/show_bug.cgi?id=30812

- http://www.xpdfreader.com/security-fixes.html

- https://www.cve.org/CVERecord?id=CVE-2022-30524

- https://www.cve.org/CVERecord?id=CVE-2022-30775

- https://www.cve.org/CVERecord?id=CVE-2022-33108

- https://www.cve.org/CVERecord?id=CVE-2022-36561

- https://www.cve.org/CVERecord?id=CVE-2022-38222

- https://www.cve.org/CVERecord?id=CVE-2022-38334

- https://www.cve.org/CVERecord?id=CVE-2022-38928

- https://www.cve.org/CVERecord?id=CVE-2022-41842

- https://www.cve.org/CVERecord?id=CVE-2022-41843

- https://www.cve.org/CVERecord?id=CVE-2022-41844

- https://www.cve.org/CVERecord?id=CVE-2022-43071

- https://www.cve.org/CVERecord?id=CVE-2022-43295

- https://www.cve.org/CVERecord?id=CVE-2022-45586

- https://www.cve.org/CVERecord?id=CVE-2022-45587

- https://www.cve.org/CVERecord?id=CVE-2023-2662

- https://www.cve.org/CVERecord?id=CVE-2023-2663

- https://www.cve.org/CVERecord?id=CVE-2023-2664

- https://www.cve.org/CVERecord?id=CVE-2023-3044

- https://www.cve.org/CVERecord?id=CVE-2023-3436

Resolution

SRPMS

- 9/core/xpdf-4.05-1.mga9

Severity
important

Publication date: 10 Feb 2024
URL: https://advisories.mageia.org/MGASA-2024-0035.html
Type: security
CVE: CVE-2022-30524, CVE-2022-30775, CVE-2022-33108, CVE-2022-36561, CVE-2022-38222, CVE-2022-38334, CVE-2022-38928, CVE-2022-41842, CVE-2022-41843, CVE-2022-41844, CVE-2022-43071, CVE-2022-43295, CVE-2022-45586, CVE-2022-45587, CVE-2023-2662, CVE-2023-2663, CVE-2023-2664, CVE-2023-3044, CVE-2023-3436
