CVE-2022-24106 Xpdf prior to 4.04 had a DCT (JPEG) decoder bug that allowed the 'interleaved' flag to be changed after the first scan of the image, which led to a vulnerability in Stream.cc.

The DCT (JPEG) decoder in Xpdf prior to 4.04 allowed the 'interleaved' flag to be changed before the first scan of the image, leading to an integer-related vulnerability in Stream.cc. This issue was fixed in version 4.04 by changing the DCT (JPEG) decoder to always process images in order (first scan, last scan). Upgrading software to 4.04 or later is recommended. Xpdf prior to 4.04 allowed the 'interleaved' flag to be changed before the first scan of the image, leading to an integer-related vulnerability in Stream.cc. This issue was fixed in version 4.04 by changing the DCT (JPEG) decoder to always process images in order (first scan, last scan). Upgrading software to 4.04 or later is recommended. Xpdf prior to 4.04 allowed the 'interleaved' flag to be changed before the first scan of the image, leading to an integer-related vulnerability in Stream.cc. This issue was fixed in version 4.04 by changing the DCT (JPEG) decoder to always process images in order (first scan, last scan). Upgrading software to 4.04 or later is recommended. Xpdf prior to 4.04 allowed the 'interleaved' flag to be changed before the first scan of the image, leading to an integer-related vulnerability in Stream.cc. This issue was

Summary

A serious vulnerability was detected in the JPEG decoder of Xpdf 4.04 and earlier when the interleaved flag was changed before the first scan of an image. The issue was fixed by changing the DCT (JPEG) decoder to always process images in order (first scan, last scan). Upgrading software to 4.04 or later is recommended.

Multiple Xpdf Vulnerabilities

It has been reported that the DCT (JPEG) decoder in Xpdf prior to 4.04 allowed the 'interleaved' flag to be changed before the first scan of the image, leading to an integer-related vulnerability in Stream.cc. This issue was fixed in version 4.04 by changing the DCT (JPEG) decoder to always process images in order (first scan, last scan). Upgrading software to 4.04 or later is recommended.

Overview

The DCT (JPEG) decoder in Xpdf prior to 4.04 allowed the 'interleaved' flag to be changed before the first scan of the image, leading to an integer-related vulnerability in Stream.cc. This issue was fixed in version 4.04 by changing the DCT (JPEG) decoder to always process images in order (first scan, last scan). Upgrading software to 4.04 or later is recommended.

Timeline

Published on: 08/30/2022 04:15:00 UTC
Last modified on: 09/01/2022 20:46:00 UTC

References

• https://dl.xpdfreader.com/old/xpdf-4.04.tar.gz
• http://www.xpdfreader.com/old-versions.html
• http://www.xpdfreader.com/security-fixes.html
• https://dl.xpdfreader.com/xpdf-4.04.tar.gz
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24106