CVE-2022-38222
Severity
7.8HIGH
EPSS
0.2%
top 61.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 29
Latest updateSep 30
Description
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages1 packages
🔴Vulnerability Details
3GHSA▶
GHSA-jh9w-w754-x3hr: There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream↗2022-09-30
OSV▶
CVE-2022-38222: There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream↗2022-09-29
CVEList▶
CVE-2022-38222: There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream↗2022-08-15
📋Vendor Advisories
1Debian▶
CVE-2022-38222: xpdf - There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.c...↗2022