Advisories ยป MGASA-2022-0320

Updated xpdf packages fix security vulnerability

Publication date: 07 Sep 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-24106 , CVE-2022-24106 , CVE-2022-38171


In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the
'interleaved' flag to be changed after the first scan of the image,
leading to an unknown integer-related vulnerability in

Xpdf prior to 4.04 lacked an integer overflow check in

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2
decoder (JBIG2Stream::readTextRegionSeg() in Processing a
specially crafted PDF file or JBIG2 image could lead to a crash or the
execution of arbitrary code. (CVE-2022-38171)