Lucene search

K

GoogleOSV:ALSA-2023:2259

HistoryMay 09, 2023 - 12:00 a.m.

Moderate: poppler security and bug fix update

2023-05-0900:00:00

Google

osv.dev

12

poppler; pdf; security; bug fix; cve-2022-38784; jbig2; decoder; evince; integer overflow; portable document format; almalinux; release notes

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

65.2%

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

Security Fix(es):

poppler: integer overflow in JBIG2 decoder using malformed files (CVE-2022-38784)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

access.redhat.com/errata/RHSA-2023:2259

access.redhat.com/security/cve/CVE-2022-38784

bugzilla.redhat.com/2124527

errata.almalinux.org/9/ALSA-2023-2259.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

65.2%

Related for OSV:ALSA-2023:2259

almalinux2 fedora5 rocky1 openvas17 nessus27 redos1 osv7 oraclelinux2 redhat2 veracode1 ubuntu1 gentoo1 debiancve1 prion1 cve1 nvd1 debian2 alpinelinux1 ubuntucve2 mageia1 cvelist1 altlinux1 amazon1 redhatcve1