VDB

DEBIAN-CVE-2022-24106

DEBIAN-CVE-2022-24106 PUBLISHED CVSS 7.800000190734863 HIGH

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

Risk Scores

CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:14poppler0, 25.03.0-10, 25.03.0-11
Debian:12poppler25.01.0-2, 0, 22.12.0-2
Debian:11poppler21.06.0-1, 21.06.1-1, 22.06.0-1
Debian:13poppler25.03.0-10, 25.03.0-11, 25.03.0-11.1

Timeline

  • Aug 30, 2022 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›