Lucene search

Ubuntu.comUB:CVE-2022-38233

HistoryAug 16, 2022 - 12:00 a.m.

CVE-2022-38233

2022-08-1600:00:00

ubuntu.com

xpdf

segmentation violation

dctstream

readmcurow

stream.cc

poppler

debian

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.9%

JSON

XPDF commit ffaf11c was discovered to contain a segmentation violation via
DCTStream::readMCURow() at /xpdf/Stream.cc.

Notes

Author	Note
ebarretto	xpdf in Debian uses poppler, which is not affected or fixed

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchipe< anyUNKNOWN
ubuntu20.04noarchipe< anyUNKNOWN
ubuntu22.04noarchipe< anyUNKNOWN
ubuntu24.04noarchipe< anyUNKNOWN
ubuntu16.04noarchipe< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	ipe	< any	UNKNOWN
ubuntu	20.04	noarch	ipe	< any	UNKNOWN
ubuntu	22.04	noarch	ipe	< any	UNKNOWN
ubuntu	24.04	noarch	ipe	< any	UNKNOWN
ubuntu	16.04	noarch	ipe	< any	UNKNOWN

References

github.com/jhcloos/xpdf/issues/9

launchpad.net/bugs/cve/CVE-2022-38233

nvd.nist.gov/vuln/detail/CVE-2022-38233

security-tracker.debian.org/tracker/CVE-2022-38233

www.cve.org/CVERecord?id=CVE-2022-38233

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.9%

JSON

Related for UB:CVE-2022-38233