Описание
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
An integer overflow issue was discovered in Popplers' JBIG2 decoder in the JBIG2Stream::readTextRegionSeg() function in JBIGStream.cc file. This flaw allows an attacker to trick a user into opening a malformed PDF file or JBIG2 image in the application, triggering an integer overflow, which could result in a crash or may lead to the execution of arbitrary code on the target system.
Отчет
This vulnerability is referred as CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in Xpdf.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | poppler | Out of support scope | ||
| Red Hat Enterprise Linux 7 | compat-poppler022 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | poppler | Out of support scope | ||
| Red Hat Enterprise Linux 8 | gimp:flatpak/poppler | Affected | ||
| Red Hat Enterprise Linux 8 | inkscape:flatpak/poppler | Affected | ||
| Red Hat Enterprise Linux 8 | libreoffice:flatpak/poppler | Affected | ||
| Red Hat Enterprise Linux 9 | inkscape:flatpak/poppler | Affected | ||
| Red Hat Enterprise Linux 9 | libreoffice:flatpak/poppler | Affected | ||
| Red Hat Enterprise Linux 8 | rhel8/gimp-flatpak | Fixed | RHBA-2024:8405 | 23.10.2024 |
| Red Hat Enterprise Linux 8 | poppler | Fixed | RHSA-2023:2810 | 16.05.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
Poppler prior to and including 22.08.0 contains an integer overflow in ...
EPSS
7.8 High
CVSS3