Lucene search

[email protected]CVE-2022-41844

HistorySep 30, 2022 - 5:15 a.m.

CVE-2022-41844

2022-09-3005:15:00

CWE-787

[email protected]

web.nvd.nist.gov

xpdf

4.04

xref::fetch

crash

vulnerability

cve-2022-41844

pdf

security

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

22.8%

JSON

An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.

CPENameOperatorVersion
xpdfreader:xpdfxpdfreader xpdfeq4.04

CPE	Name	Operator	Version
xpdfreader:xpdf	xpdfreader xpdf	eq	4.04

References

www.xpdfreader.com/download.html

forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928

forum.xpdfreader.com/viewtopic.php?f=3&t=42308&p=43844&hilit=XRef%3A%3Afetch#p43844

Social References

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

22.8%

JSON

Related for CVE-2022-41844

alpinelinux1 prion3 ubuntucve3 debiancve3 veracode1 nessus1 openvas2 slackware1 cve2 redhatcve1 mageia1