Search for vulnerabilities
Vulnerability details: VCID-96ga-uvqz-aaak
Vulnerability ID VCID-96ga-uvqz-aaak
Aliases CVE-2022-38171
Summary Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readSymbolDictSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-38171
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38171
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38171
archlinux Unknown https://security.archlinux.org/AVG-2813
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-38171
https://dl.xpdfreader.com/old/xpdf-4.04.tar.gz
https://dl.xpdfreader.com/xpdf-4.04.tar.gz
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6
https://github.com/jeffssh/CVE-2021-30860
https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
https://www.cve.org/CVERecord?id=CVE-2021-30860
http://www.openwall.com/lists/oss-security/2022/09/02/11
http://www.xpdfreader.com/security-fixes.html
AVG-2813 https://security.archlinux.org/AVG-2813
cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*
CVE-2022-38171 https://nvd.nist.gov/vuln/detail/CVE-2022-38171
GLSA-202405-18 https://security.gentoo.org/glsa/202405-18
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-38171
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-38171
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.20041
EPSS Score 0.00076
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.