Mageia Advisory: MGASA-2022-0320 - Updated xpdf packages fix security vulnerability

Updated xpdf packages fix security vulnerability

Publication date: 07 Sep 2022
Modification date: 07 Sep 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-24106 , CVE-2022-24106 , CVE-2022-38171

Description

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the
'interleaved' flag to be changed after the first scan of the image,
leading to an unknown integer-related vulnerability in Stream.cc.
(CVE-2022-24106)

Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.
(CVE-2022-24107)

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2
decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a
specially crafted PDF file or JBIG2 image could lead to a crash or the
execution of arbitrary code. (CVE-2022-38171)

References

https://bugs.mageia.org/show_bug.cgi?id=30804
http://www.xpdfreader.com/security-fixes.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38171

SRPMS

8/core

xpdf-4.04-1.mga8

Advisories » MGASA-2022-0320

Updated xpdf packages fix security vulnerability

Description

References

SRPMS

8/core