CVE-2022-24106

CVE-2022-24106

Name

CVE-2022-24106

Description

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
CONFIRM	https://dl.xpdfreader.com/old/xpdf-4.04.tar.gz
CONFIRM	http://www.xpdfreader.com/old-versions.html
CONFIRM	http://www.xpdfreader.com/security-fixes.html
CONFIRM	https://dl.xpdfreader.com/xpdf-4.04.tar.gz

Type

URI

CONFIRM

https://dl.xpdfreader.com/old/xpdf-4.04.tar.gz

CONFIRM

http://www.xpdfreader.com/old-versions.html

CONFIRM

http://www.xpdfreader.com/security-fixes.html

CONFIRM

https://dl.xpdfreader.com/xpdf-4.04.tar.gz

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:glyphandcog:xpdfreader::::::::`	xpdfreader	>= None	< 4.04

CPE URI

Source package

Min version

Max version

cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*

xpdfreader

>= None

< 4.04

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
xpdf	edge-community	4.04-r0	Dominika Liberda <ja@sdomi.pl>	fixed
xpdf	3.22-community	4.04-r0	None	fixed
xpdf	3.21-community	4.04-r0	None	fixed
xpdf	3.20-community	4.04-r0	None	fixed
xpdf	3.19-community	4.04-r0	Dominika Liberda <ja@sdomi.pl>	fixed

Source package

Branch

Version

Maintainer

Status

xpdf

edge-community

4.04-r0

Dominika Liberda <ja@sdomi.pl>

fixed

xpdf

3.22-community