CVE-2022-24106

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-24106
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24106.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-24106
Published
2022-08-30T04:15:10Z
Modified
2024-06-30T13:13:37.663986Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

References

Affected packages

Debian:11 / poppler

Package

Name
poppler
Purl
pkg:deb/debian/poppler?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.09.0-3.1
20.09.0-3.1+deb11u1

21.*

21.02.0-1
21.06.0-1
21.06.1-1
21.11.0-1

22.*

22.02.0-1
22.02.0-2
22.02.0-3
22.06.0-1
22.08.0-1
22.08.0-2
22.08.0-2.1
22.11.0-1
22.12.0-1
22.12.0-2
22.12.0-2.1
22.12.0-2.2

23.*

23.08.0-1
23.08.0-2
23.12.0-1

24.*

24.02.0-1
24.02.0-2
24.02.0-3
24.02.0-4
24.02.0-5

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / poppler

Package

Name
poppler
Purl
pkg:deb/debian/poppler?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

22.*

22.12.0-2
22.12.0-2.1
22.12.0-2.2

23.*

23.08.0-1
23.08.0-2
23.12.0-1

24.*

24.02.0-1
24.02.0-2
24.02.0-3
24.02.0-4
24.02.0-5

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / poppler

Package

Name
poppler
Purl
pkg:deb/debian/poppler?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

22.*

22.12.0-2
22.12.0-2.1
22.12.0-2.2

23.*

23.08.0-1
23.08.0-2
23.12.0-1

24.*

24.02.0-1
24.02.0-2
24.02.0-3
24.02.0-4
24.02.0-5

Ecosystem specific

{
    "urgency": "unimportant"
}