CVE-2022-24106

2022-08-3004:15:10

Debian Security Bug Tracker

security-tracker.debian.org

xpdf

dct decoder

flag change

integer vulnerability

stream.cc

unix

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.7%

JSON

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the ‘interleaved’ flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

OSVersionArchitecturePackageVersionFilename
Debian12allpoppler<= 22.12.0-2poppler_22.12.0-2_all.deb
Debian11allpoppler<= 20.09.0-3.1+deb11u1poppler_20.09.0-3.1+deb11u1_all.deb
Debian999allpoppler<= 24.08.0-2poppler_24.08.0-2_all.deb
Debian13allpoppler<= 24.08.0-2poppler_24.08.0-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	poppler	<= 22.12.0-2	poppler_22.12.0-2_all.deb
Debian	11	all	poppler	<= 20.09.0-3.1+deb11u1	poppler_20.09.0-3.1+deb11u1_all.deb
Debian	999	all	poppler	<= 24.08.0-2	poppler_24.08.0-2_all.deb
Debian	13	all	poppler	<= 24.08.0-2	poppler_24.08.0-2_all.deb