mageia | Gentoo Foundation | MGASA-2024-0035
Feb 10, 2024 - 10:02 p.m.

Updated xpdf packages fix security vulnerabilities

2024-02-10 22:02:27
Gentoo Foundation
advisories.mageia.org
Tags: xpdf, security vulnerabilities, text extractor, rasterizer, jbig2 decoder, pdf object loops, memory access, integer overflow, bounds check, deadlock, cve-2022, cve-2023, unix

AI Score: 7.7 High (Confidence: Low)

EPSS: 0.001 Low (Percentile: 46.4%)

The updated packages fix security vulnerabilities:

- Logic bug in text extractor led to invalid memory access. (CVE-2022-30524)
- Integer overflow in rasterizer. (CVE-2022-30775)
- PDF object loop in Catalog::countPageTree. (CVE-2022-33108)
- PDF object loop in AcroForm::scanField. (CVE-2022-36561)
- Logic bug in JBIG2 decoder. (CVE-2022-38222)
- PDF object loop in Catalog::countPageTree. (CVE-2022-38334)
- Missing bounds check in CFF font converter caused null pointer dereference. (CVE-2022-38928)
- PDF object loop in Catalog::countPageTree. (CVE-2022-41842)
- Missing bounds check in CFF font parser caused invalid memory access. (CVE-2022-41843)
- PDF object loop in AcroForm::scanField. (CVE-2022-41844)
- PDF object loop in Catalog::readPageLabelTree2. (CVE-2022-43071)
- PDF object loop in Catalog::countPageTree. (CVE-2022-43295)
- PDF object loop in Catalog::countPageTree. (CVE-2022-45586)
- PDF object loop in Catalog::countPageTree. (CVE-2022-45587)
- Divide-by-zero in Xpdf 4.04 due to bad color space object. (CVE-2023-2662)
- PDF object loop in Catalog::readPageLabelTree2. (CVE-2023-2663)
- PDF object loop in Catalog::readEmbeddedFileTree. (CVE-2023-2664)
- Divide-by-zero in Xpdf 4.04 due to very large page size. (CVE-2023-3044)
- Deadlock in Xpdf 4.04 due to PDF object stream references. (CVE-2023-3436)

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 9 | noarch | xpdf | < 4.05-1 | xpdf-4.05-1.mga9 |