Unrated severityNVD Advisory· Published Aug 30, 2022· Updated Sep 17, 2024

CVE-2022-38784

Description

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

Affected products

Poppler/Popplerdescription
osv-coords49 versions
pkg:rpm/almalinux/poppler pkg:rpm/almalinux/poppler-cpp pkg:rpm/almalinux/poppler-cpp-devel pkg:rpm/almalinux/poppler-devel pkg:rpm/almalinux/poppler-glib pkg:rpm/almalinux/poppler-glib-devel pkg:rpm/almalinux/poppler-qt5 pkg:rpm/almalinux/poppler-qt5-devel pkg:rpm/almalinux/poppler-utils pkg:rpm/opensuse/poppler&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/poppler&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/poppler-qt5&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/poppler-qt6&distro=openSUSE%20Leap%2015.4 pkg:rpm/suse/poppler&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/poppler&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/poppler&distro=SUSE%20Manager%20Proxy%204.2 pkg:rpm/suse/poppler&distro=SUSE%20Manager%20Server%204.2 pkg:rpm/suse/poppler&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/poppler&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/poppler-qt5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4 pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/poppler-qt&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/poppler-qt&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 21.01.0-14.el9+ 48 more
- (no CPE)range: < 21.01.0-14.el9
- (no CPE)range: < 21.01.0-14.el9
- (no CPE)range: < 21.01.0-14.el9
- (no CPE)range: < 21.01.0-14.el9
- (no CPE)range: < 21.01.0-14.el9
- (no CPE)range: < 21.01.0-14.el9
- (no CPE)range: < 21.01.0-14.el9
- (no CPE)range: < 21.01.0-14.el9
- (no CPE)range: < 21.01.0-14.el9
- (no CPE)range: < 0.62.0-150000.4.9.1
- (no CPE)range: < 22.09.0-1.1
- (no CPE)range: < 22.01.0-150400.3.3.1
- (no CPE)range: < 22.01.0-150400.3.3.1
- (no CPE)range: < 0.79.0-150200.3.8.1
- (no CPE)range: < 0.79.0-150200.3.8.1
- (no CPE)range: < 0.62.0-150000.4.9.1
- (no CPE)range: < 0.79.0-150200.3.8.1
- (no CPE)range: < 0.79.0-150200.3.8.1
- (no CPE)range: < 0.79.0-150200.3.8.1
- (no CPE)range: < 22.01.0-150400.3.3.1
- (no CPE)range: < 22.01.0-150400.3.3.1
- (no CPE)range: < 0.79.0-150200.3.8.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.62.0-150000.4.9.1
- (no CPE)range: < 0.79.0-150200.3.8.1
- (no CPE)range: < 0.79.0-150200.3.8.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.62.0-150000.4.9.1
- (no CPE)range: < 0.79.0-150200.3.8.1
- (no CPE)range: < 0.79.0-150200.3.8.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.79.0-150200.3.8.1
- (no CPE)range: < 0.79.0-150200.3.8.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 22.01.0-150400.3.3.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.43.0-16.22.1
- (no CPE)range: < 0.43.0-16.22.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5Z2677EQUWVHJLGSH5DQX53EK6MY2M2/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J546EJUKUOPWA3JSLP7DYNBAU3YGNCCW/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLKN3HJKZSGEEKOF57DM7Q3IB74HP5VW/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQAO6O2XHPQHNW2MWOCJJ4C3YWS2VV4K/mitrevendor-advisory
security.gentoo.org/glsa/202209-21mitrevendor-advisory
www.debian.org/security/2022/dsa-5224mitrevendor-advisory
www.openwall.com/lists/oss-security/2022/09/02/11mitremailing-list
lists.debian.org/debian-lts-announce/2022/09/msg00030.htmlmitremailing-list
github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.mdmitre
gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffsmitre
poppler.freedesktop.org/releases.htmlmitre
www.cve.org/CVERecordmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000