Vulnerability Details : CVE-2022-38171

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

Vulnerability category: Overflow

Published 2022-08-22 19:15:11

Updated 2022-10-27 20:27:03

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-38171

Probability of exploitation activity in the next 30 days: 0.10%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 41 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-38171

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	nvd@nist.gov
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-38171

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-38171

https://dl.xpdfreader.com/xpdf-4.04.tar.gz

Vendor Advisory

CVEs referencing this url
https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md

Vulnerabilities/CVE-2022-38171.md at main · zmanion/Vulnerabilities · GitHub
Patch;Third Party Advisory

CVEs referencing this url
https://github.com/jeffssh/CVE-2021-30860

GitHub - jeffssh/CVE-2021-30860: Collection of materials relating to FORCEDENTRY, will eventually delete this repo and migrate the materials to my main exploit repo once finished
Third Party Advisory

CVEs referencing this url
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

Project Zero: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/09/02/11

oss-security - JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.cve.org/CVERecord?id=CVE-2021-30860

CVE Record | CVE
Third Party Advisory
http://www.xpdfreader.com/security-fixes.html

Xpdf Security Fixes
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-38171

Freedesktop » Poppler
Versions before (<) 22.09.0
cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
Matching versions
Xpdfreader » Xpdf » Version: 4.04
cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*
Matching versions