Home > Vulnerability Database > CVE-2022-24106

Mend.io Vulnerability Database

CVE-2022-24106

Good to know:

Date: August 29, 2022

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

Language: C++

Severity Score

7.8

Related Resources (7)

Url: https://dl.xpdfreader.com/old/xpdf-4.04.tar.gz

Url: https://security-tracker.debian.org/tracker/CVE-2022-24106

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-24106

Url: http://www.xpdfreader.com/security-fixes.html

Url: https://dl.xpdfreader.com/xpdf-4.04.tar.gz

Url: http://www.xpdfreader.com/old-versions.html

Url: https://www.mend.io/vulnerability-database/CVE-2022-24106

Severity Score

7.8

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Top Fix

Upgrade Version

Upgrade to version xpdf-4.04

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-24106

Good to know:

Date: August 29, 2022

Language: C++

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?