CVE-2022-38171
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
Xpdf versions prior to 4.04 contain an integer overflow in the JBIG2 decoder (the function JBIG2Stream::readSymbolDictSeg() in the file JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
Timeline
- 2022-08-12 CVE Reserved
- 2022-08-22 CVE Published
- 2024-02-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
References (7)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2022/09/02/11 | Mailing List | |
https://github.com/jeffssh/CVE-2021-30860 | Third Party Advisory | |
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html | Third Party Advisory | |
https://www.cve.org/CVERecord?id=CVE-2021-30860 | Third Party Advisory | |
URL | Date | SRC |
---|---|---|
https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md | 2022-10-27 | |
http://www.xpdfreader.com/security-fixes.html | 2022-10-27 | |
https://dl.xpdfreader.com/xpdf-4.04.tar.gz | 2022-10-27 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Xpdfreader | Xpdf | 4.04 | - | Affected |
Freedesktop | Poppler | < 22.09.0 | - | Affected |