Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2022-0320
HistorySep 07, 2022 - 8:27 a.m.

Updated xpdf packages fix security vulnerability

2022-09-0708:27:53
Gentoo Foundation
advisories.mageia.org
18

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.1%

JSON

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the ‘interleaved’ flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. (CVE-2022-24106) Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. (CVE-2022-24107) Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. (CVE-2022-38171)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchxpdf< 4.04-1xpdf-4.04-1.mga8

Related

openvas 7
debiancve 3
alpinelinux 4
prion 4
cve 4
veracode 3
ubuntucve 4
nessus 24
attackerkb 1
osv 2
mageia 1
amazon 1
redhatcve 1
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0320)
2022-09-07 00:00:00
Mageia: Security Advisory (MGASA-2022-0386)
2022-10-24 00:00:00
Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2023-2414)
2023-07-25 00:00:00
debiancve
debiancve
CVE-2022-24106
2022-08-30 04:15:00
CVE-2022-24107
2022-08-30 04:15:00
CVE-2022-38784
2022-08-30 03:15:00
alpinelinux
alpinelinux
CVE-2022-24107
2022-08-30 04:15:00
CVE-2022-24106
2022-08-30 04:15:00
CVE-2022-38784
2022-08-30 03:15:00
prion
prion
Integer overflow
2022-08-30 04:15:00
Integer overflow
2022-08-30 04:15:00
Integer overflow
2022-08-30 03:15:00
cve
cve
CVE-2022-24106
2022-08-30 04:15:00
CVE-2022-24107
2022-08-30 04:15:00
CVE-2022-38784
2022-08-30 03:15:00
veracode
veracode
Integer Overflow
2023-10-09 12:49:01
Integer Overflow
2024-04-10 19:36:53
Integer Overflow
2024-04-10 18:25:44
ubuntucve
ubuntucve
CVE-2022-24106
2022-08-30 00:00:00
CVE-2022-24107
2022-08-30 00:00:00
CVE-2022-38784
2022-08-30 00:00:00
nessus
nessus
EulerOS 2.0 SP8 : poppler (EulerOS-SA-2022-2801)
2022-12-08 00:00:00
Oracle Linux 8 : poppler (ELSA-2023-2810)
2023-05-24 00:00:00
EulerOS Virtualization 3.0.6.6 : poppler (EulerOS-SA-2023-2414)
2023-07-26 00:00:00
attackerkb
attackerkb
CVE-2022-38171
2022-04-19 00:00:00
osv
osv
CVE-2022-38171
2022-08-22 19:15:11
CVE-2022-38784
2022-08-30 03:15:07
mageia
mageia
Updated poppler packages fix security vulnerability
2022-10-24 01:48:35
amazon
amazon
Medium: poppler
2023-06-05 16:39:00
redhatcve
redhatcve
CVE-2022-38784
2022-09-07 15:49:05

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.1%

JSON
Related for MGASA-2022-0320
openvas7debiancve3alpinelinux4prion4cve4veracode3ubuntucve4nessus24attackerkb1osv2mageia1amazon1redhatcve1