CVE-2022-38171: Xpdf <=4.04 JBIG2 int overflow leading to code exec
CVE-2022-38171 Published on August 22, 2022
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
Products Associated with CVE-2022-38171
Xpdfreader Xpdf and FreeDesktop Poppler.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.