CVE-2022-24106
HIGH
Glyphandcog Xpdf <4.04 - Integer Overflow in DCT Decoder
Title source: llm
Description
In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.
References (2)
Core References
Vendor Advisory
http://www.xpdfreader.com/security-fixes.html
Product, Vendor Advisory
https://dl.xpdfreader.com/xpdf-4.04.tar.gz
Scores
CVSS v3
7.8
EPSS
0.0029
EPSS Percentile
20.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (1)
glyphandcog/xpdfreader
< 4.04
Published
Aug 30, 2022
Tracked Since
Feb 18, 2026