CVE-2022-24106

CWE-190: Integer Overflow (7 documents, 6 sources)
Severity: 7.8 HIGH
EPSS: 0.1% (top 65.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 30; latest update Jan 29

Description

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

Ubuntu: texlive-bin < 2021.20210626.59705-1ubuntu0.3+3

🔴 Vulnerability Details (4)

OSV: texlive-bin vulnerabilities (2026-01-29)
GHSA: GHSA-35x2-6j99-3gv6: In Xpdf prior to 4 (2022-08-31)
OSV: CVE-2022-24106: In Xpdf prior to 4 (2022-08-30)
CVEList: CVE-2022-24106: In Xpdf prior to 4 (2022-08-30)

📋 Vendor Advisories (2)

Ubuntu: TeX Live vulnerabilities (2026-01-29)
Debian: CVE-2022-24106: poppler - In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'inte... (2022)
CVE-2022-24106 (HIGH CVSS 7.8) | In Xpdf prior to 4.04 | cvebase.io