{"id":"MGASA-2022-0320","summary":"Updated xpdf packages fix security vulnerability","details":"In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the\n'interleaved' flag to be changed after the first scan of the image,\nleading to an unknown integer-related vulnerability in Stream.cc.\n(CVE-2022-24106)\n\nXpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.\n(CVE-2022-24107)\n\nXpdf prior to version 4.04 contains an integer overflow in the JBIG2\ndecoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a\nspecially crafted PDF file or JBIG2 image could lead to a crash or the\nexecution of arbitrary code. (CVE-2022-38171)\n","modified":"2026-03-25T17:59:15.766755Z","published":"2022-09-07T05:27:53Z","related":["CVE-2022-24106","CVE-2022-24107","CVE-2022-38171"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0320.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30804"},{"type":"REPORT","url":"http://www.xpdfreader.com/security-fixes.html"}],"affected":[{"package":{"name":"xpdf","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/xpdf?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.04-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0320.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}