JLSEC-2026-80

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-80.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-80.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-80
Upstream
Published
2026-04-13T13:20:05.063Z
Modified
2026-07-18T00:02:23.964265429Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

Database specific
{
    "sources": [
        {
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38171",
            "modified": "2026-06-17T04:56:13.920Z",
            "published": "2022-08-22T19:15:11.060Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-38171",
            "imported": "2026-07-17T22:40:11.841Z",
            "id": "CVE-2022-38171",
            "database_specific": {
                "status": "Modified"
            }
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / Poppler_jll

Package

Name
Poppler_jll
Purl
pkg:julia/Poppler_jll?uuid=9c32591e-4766-534b-9725-b71a8799265b

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
23.12.0+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-80.json"