Vulnerability details: VCID-13qc-nqyc-f7d2
Vulnerability ID VCID-13qc-nqyc-f7d2
Aliases CVE-2022-38784
Summary Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
System Score Found at
cvssv3 7.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38784.json
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2022-38784
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2022-38784
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2022-38784
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38784
archlinux Unknown https://security.archlinux.org/AVG-2812
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38784.json
https://api.first.org/data/v1/epss?cve=CVE-2022-38784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38784
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/jeffssh/CVE-2021-30860
https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md
https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52
https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5Z2677EQUWVHJLGSH5DQX53EK6MY2M2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J546EJUKUOPWA3JSLP7DYNBAU3YGNCCW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLKN3HJKZSGEEKOF57DM7Q3IB74HP5VW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQAO6O2XHPQHNW2MWOCJJ4C3YWS2VV4K/
https://poppler.freedesktop.org/releases.html
https://www.cve.org/CVERecord?id=CVE-2022-38171
https://www.debian.org/security/2022/dsa-5224
1018971 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018971
2124527 https://bugzilla.redhat.com/show_bug.cgi?id=2124527
AVG-2812 https://security.archlinux.org/AVG-2812
cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-38784 https://nvd.nist.gov/vuln/detail/CVE-2022-38784
RHSA-2023:2259 https://access.redhat.com/errata/RHSA-2023:2259
RHSA-2023:2810 https://access.redhat.com/errata/RHSA-2023:2810
USN-5606-1 https://usn.ubuntu.com/5606-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38784.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-38784
Exploit Prediction Scoring System (EPSS)
Percentile 0.1752
EPSS Score 0.00056
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:43:02.166600+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/5606-1/ 37.0.0