PT-2022-4869 · Poppler+10

Published: 2022-08-25 · Updated: 2025-07-22 · CVE-2022-38784

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Poppler versions prior to and including 22.08.0

Description: The issue is related to an integer overflow in the JBIG2 decoder, specifically in the JBIG2Stream::readTextRegionSeg() function. This can be triggered by processing a specially crafted PDF file or JBIG2 image, potentially leading to a crash or the execution of arbitrary code.

Recommendations: For Poppler versions prior to and including 22.08.0, update to a version later than 22.08.0 to resolve the issue. As a temporary workaround, consider avoiding the use of the JBIG2 decoder or restricting access to specially crafted PDF files or JBIG2 images until a patch is available.

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2023:2259
ALSA-2023:2810
ALT-PU-2022-3233
ALT-PU-2023-1100
ALT-PU-2025-9424
BDU:2022-05993
CESA-2023_2810
CVE-2022-38784
DLA-3120-1
DSA-5224-1
MGASA-2022-0386
OESA-2022-1906
OPENSUSE-SU-2024:12362-1
RHSA-2023:2259
RHSA-2023:2810
RHSA-2023_2259
RHSA-2023_2810
RLSA-2023:2810
SUSE-SU-2023:0480-1
SUSE-SU-2023:0494-1
SUSE-SU-2023:0495-1
SUSE-SU-2023:0677-1
USN-5606-1
USN-5606-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Poppler
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu