CVE-2022-38171

Name: CVE-2022-38171
Description: Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Notes

NOT-FOR-US: xpdf (relevant issue for Poppler tracked as CVE-2022-38784)
This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in xpdf
https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6
