Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
oryginał ENCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HFreedesktop Poppler
APPFreedesktop< 22.09.0Xpdfreader Xpdf
APPXpdfreader4.04
Powiązane podatności
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-...
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo ...
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of ...
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted ...