Bug 1203055 - (CVE-2022-24106) VUL-0: CVE-2022-24106: poppler: xpdf: unknown integer-related vulnerability in Stream.cc
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Peter Simons
Security Team bot
https://smash.suse.de/issue/341113/
CVSSv3.1:SUSE:CVE-2022-24106:5.3:(AV:...
Reported: 2022-09-02 08:40 UTC by Thomas Leroy
Modified: 2022-09-22 07:23 UTC
Found By: Security Response Team
Attachments
patch (634 bytes, patch)
2022-09-22 07:23 UTC, Thomas Leroy

Description Thomas Leroy 2022-09-02 08:40:16 UTC
CVE-2022-24106

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the
'interleaved' flag to be changed after the first scan of the image, leading to
an unknown integer-related vulnerability in Stream.cc.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24106
https://www.cve.org/CVERecord?id=CVE-2022-24106
http://www.cvedetails.com/cve/CVE-2022-24106/
https://dl.xpdfreader.com/old/xpdf-4.04.tar.gz
https://dl.xpdfreader.com/xpdf-4.04.tar.gz
http://www.xpdfreader.com/security-fixes.html
http://www.xpdfreader.com/old-versions.html
Comment 1 Thomas Leroy 2022-09-02 08:51:40 UTC
No information at all about the bug...
Comment 2 Thomas Leroy 2022-09-22 07:23:54 UTC
Created attachment 861627
patch

Upstream xpdf patch