Lucene search

Ubuntu.comUB:CVE-2022-38236

HistoryAug 16, 2022 - 12:00 a.m.

CVE-2022-38236

2022-08-1600:00:00

ubuntu.com

xpdf

global buffer overflow

lexer::getobj

object

debian

poppler

unix

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.8%

JSON

XPDF commit ffaf11c was discovered to contain a global-buffer overflow via
Lexer::getObj(Object*) at /xpdf/Lexer.cc.

Notes

Author	Note
ebarretto	xpdf in Debian uses poppler, which is not affected or fixed

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchipe< anyUNKNOWN
ubuntu20.04noarchipe< anyUNKNOWN
ubuntu22.04noarchipe< anyUNKNOWN
ubuntu24.04noarchipe< anyUNKNOWN
ubuntu16.04noarchipe< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	ipe	< any	UNKNOWN
ubuntu	20.04	noarch	ipe	< any	UNKNOWN
ubuntu	22.04	noarch	ipe	< any	UNKNOWN
ubuntu	24.04	noarch	ipe	< any	UNKNOWN
ubuntu	16.04	noarch	ipe	< any	UNKNOWN

References

github.com/jhcloos/xpdf/issues/8

launchpad.net/bugs/cve/CVE-2022-38236

nvd.nist.gov/vuln/detail/CVE-2022-38236

security-tracker.debian.org/tracker/CVE-2022-38236

www.cve.org/CVERecord?id=CVE-2022-38236

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.8%

JSON

Related for UB:CVE-2022-38236