JLSEC-2026-80
PUBLISHED
CVSS 9.3 CRITICAL
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
Risk Scores
CVSS v4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Julia | Poppler_jll | 0, 0 |
Timeline
- Apr 13, 2026 CVE Published
- Apr 13, 2026 CVE Updated
References
- http://www.openwall.com/lists/oss-security/2022/09/02/11
- http://www.xpdfreader.com/security-fixes.html
- https://dl.xpdfreader.com/xpdf-4.04.tar.gz
- https://github.com/jeffssh/CVE-2021-30860
- https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md
- https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
- https://www.cve.org/CVERecord?id=CVE-2021-30860