CVE-2022-36561

2022-08-3000:00:00

ubuntu.com

xpdf v4.0.4

segmentation violation

acroform.cc

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.9%

JSON

XPDF v4.0.4 was discovered to contain a segmentation violation via the
component /xpdf/AcroForm.cc:538.

Notes

Author	Note
rodrigo-zaiden	debian xpdf is slightly different from upstream xpdf, and does not include AcroForm.cc file. texlive-bin includes xpdf files. emscripten includes xpdf in the tests and could be ignored.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchemscripten< anyUNKNOWN
ubuntu22.04noarchemscripten< anyUNKNOWN
ubuntu24.04noarchemscripten< anyUNKNOWN
ubuntu16.04noarchemscripten< anyUNKNOWN
ubuntu18.04noarchipe< anyUNKNOWN
ubuntu20.04noarchipe< anyUNKNOWN
ubuntu22.04noarchipe< anyUNKNOWN
ubuntu24.04noarchipe< anyUNKNOWN
ubuntu16.04noarchipe< anyUNKNOWN
ubuntu18.04noarchtexlive-bin< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	emscripten	< any	UNKNOWN
ubuntu	22.04	noarch	emscripten	< any	UNKNOWN
ubuntu	24.04	noarch	emscripten	< any	UNKNOWN
ubuntu	16.04	noarch	emscripten	< any	UNKNOWN
ubuntu	18.04	noarch	ipe	< any	UNKNOWN
ubuntu	20.04	noarch	ipe	< any	UNKNOWN
ubuntu	22.04	noarch	ipe	< any	UNKNOWN
ubuntu	24.04	noarch	ipe	< any	UNKNOWN
ubuntu	16.04	noarch	ipe	< any	UNKNOWN
ubuntu	18.04	noarch	texlive-bin	< any	UNKNOWN