CVE-2022-38784 – poppler: integer overflow in JBIG2 decoder using malformed files
https://notcve.org/view.php?id=CVE-2022-38784
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. Poppler versiones anteriores a 22.08.0 incluyéndola, contiene un desbordamiento de enteros en el descodificador JBIG2 (la función JBIG2Stream::readTextRegionSeg() en el archivo JBIGStream.cc). El procesamiento de un archivo PDF o una imagen JBIG2 especialmente diseñados podría conllevar a un bloqueo o una ejecución de código arbitrario. • http://www.openwall.com/lists/oss-security/2022/09/02/11 https://github.com/jeffssh/CVE-2021-30860 https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52 https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6 https://lists.fedoraproject • CWE-190: Integer Overflow or Wraparound •
CVE-2022-38171
https://notcve.org/view.php?id=CVE-2022-38171
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). Xpdf versiones anteriores a 4.04, contiene un desbordamiento de enteros en el decodificador JBIG2 (la función JBIG2Stream::readSymbolDictSeg() en el archivo JBIG2Stream.cc). El procesamiento de un archivo PDF o una imagen JBIG2 especialmente diseñados podría conllevar a un fallo o una ejecución de código arbitrario. • http://www.openwall.com/lists/oss-security/2022/09/02/11 http://www.xpdfreader.com/security-fixes.html https://dl.xpdfreader.com/xpdf-4.04.tar.gz https://github.com/jeffssh/CVE-2021-30860 https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html https://www.cve.org/CVERecord?id=CVE-2021-30860 • CWE-190: Integer Overflow or Wraparound •
CVE-2021-30860 – Apple Multiple Products Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se ha solucionado un desbordamiento de enteros con una validación de entrada mejorada. • https://github.com/jeffssh/CVE-2021-30860 https://github.com/Levilutz/CVE-2021-30860 http://seclists.org/fulldisclosure/2021/Sep/25 http://seclists.org/fulldisclosure/2021/Sep/26 http://seclists.org/fulldisclosure/2021/Sep/27 http://seclists.org/fulldisclosure/2021/Sep/28 http://seclists.org/fulldisclosure/2021/Sep/38 http://seclists.org/fulldisclosure/2021/Sep/39 http://seclists.org/fulldisclosure/2021/Sep/40 http://seclists.org/fulldisclosure/2021/Sep/50 http://ww • CWE-190: Integer Overflow or Wraparound •