CVE-2022-38784

Опубликовано: 30 авг. 2022

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 7.8

Описание

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
esm-infra/focal	DNE
focal	DNE
jammy	needs-triage
kinetic	ignored	end of life, was needs-triage

Показывать по

Релиз	Статус	Примечание
bionic	released	0.62.0-2ubuntu2.14
devel	not-affected	22.08.0-2.1
esm-infra/bionic	not-affected	0.62.0-2ubuntu2.14
esm-infra/focal	not-affected	0.86.1-0ubuntu1.1
esm-infra/xenial	released	0.41.0-0ubuntu1.16+esm2
focal	released	0.86.1-0ubuntu1.1
jammy	released	22.02.0-2ubuntu0.1
kinetic	not-affected	22.08.0-2.1
lunar	not-affected	22.08.0-2.1
mantic	not-affected	22.08.0-2.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 18%

0.00057

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2022-38784

CVSS3: 7.8

redhat

почти 3 года назад

CVE-2022-38784

CVSS3: 7.8

nvd

почти 3 года назад

CVE-2022-38784

CVSS3: 7.8

debian

почти 3 года назад

Poppler prior to and including 22.08.0 contains an integer overflow in ...

SUSE-SU-2023:0677-1

suse-cvrf

больше 2 лет назад

Security update for poppler

SUSE-SU-2023:0495-1

suse-cvrf

больше 2 лет назад

Security update for poppler

EPSS

Процентиль: 18%

0.00057

Низкий

7.8 High

CVSS3

CVE-2022-38784

Описание

Пакет emscripten

Пакет poppler

Ссылки на источники

Связанные уязвимости