CVE-2022-38784

2022-08-3000:00:00

ubuntu.com

poppler

integer overflow

jbig2 decoder

cve-2022-38784

pdf

vulnerability

code execution

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

65.2%

JSON

Poppler prior to and including 22.08.0 contains an integer overflow in the
JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc).
Processing a specially crafted PDF file or JBIG2 image could lead to a
crash or the execution of arbitrary code. This is similar to the
vulnerability described by CVE-2022-38171 in Xpdf.

Notes

Author	Note
rodrigo-zaiden	texlive-bin includes poppler files. emscripten includes poppler in the tests and could be ignored.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchemscripten< anyUNKNOWN
ubuntu22.04noarchemscripten< anyUNKNOWN
ubuntu24.04noarchemscripten< anyUNKNOWN
ubuntu16.04noarchemscripten< anyUNKNOWN
ubuntu18.04noarchpoppler< 0.62.0-2ubuntu2.14UNKNOWN
ubuntu20.04noarchpoppler< 0.86.1-0ubuntu1.1UNKNOWN
ubuntu22.04noarchpoppler< 22.02.0-2ubuntu0.1UNKNOWN
ubuntu16.04noarchpoppler< 0.41.0-0ubuntu1.16+esm2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	emscripten	< any	UNKNOWN
ubuntu	22.04	noarch	emscripten	< any	UNKNOWN
ubuntu	24.04	noarch	emscripten	< any	UNKNOWN
ubuntu	16.04	noarch	emscripten	< any	UNKNOWN
ubuntu	18.04	noarch	poppler	< 0.62.0-2ubuntu2.14	UNKNOWN
ubuntu	20.04	noarch	poppler	< 0.86.1-0ubuntu1.1	UNKNOWN
ubuntu	22.04	noarch	poppler	< 22.02.0-2ubuntu0.1	UNKNOWN
ubuntu	16.04	noarch	poppler	< 0.41.0-0ubuntu1.16+esm2	UNKNOWN