Vulnerability details: VCID-p7pw-zwhs-aaag
Vulnerability ID VCID-p7pw-zwhs-aaag
Aliases CVE-2022-38784
Summary Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
System Score Found at
cvssv3 7.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38784.json
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2022-38784
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-38784
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-38784
epss 0.00251 https://api.first.org/data/v1/epss?cve=CVE-2022-38784
epss 0.00252 https://api.first.org/data/v1/epss?cve=CVE-2022-38784
epss 0.00325 https://api.first.org/data/v1/epss?cve=CVE-2022-38784
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2124527
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38784
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38784
archlinux Unknown https://security.archlinux.org/AVG-2812
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38784.json
https://api.first.org/data/v1/epss?cve=CVE-2022-38784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38784
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6
https://github.com/jeffssh/CVE-2021-30860
https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md
https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52
https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E5Z2677EQUWVHJLGSH5DQX53EK6MY2M2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J546EJUKUOPWA3JSLP7DYNBAU3YGNCCW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLKN3HJKZSGEEKOF57DM7Q3IB74HP5VW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQAO6O2XHPQHNW2MWOCJJ4C3YWS2VV4K/
https://poppler.freedesktop.org/releases.html
https://security.gentoo.org/glsa/202209-21
https://www.cve.org/CVERecord?id=CVE-2022-38171
https://www.debian.org/security/2022/dsa-5224
http://www.openwall.com/lists/oss-security/2022/09/02/11
1018971 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018971
2124527 https://bugzilla.redhat.com/show_bug.cgi?id=2124527
AVG-2812 https://security.archlinux.org/AVG-2812
cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-38784 https://nvd.nist.gov/vuln/detail/CVE-2022-38784
RHSA-2023:2259 https://access.redhat.com/errata/RHSA-2023:2259
RHSA-2023:2810 https://access.redhat.com/errata/RHSA-2023:2810
USN-5606-1 https://usn.ubuntu.com/5606-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38784.json
Attack Vector (AV): local; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-38784

Exploit Prediction Scoring System (EPSS)
Percentile 0.13201
EPSS Score 0.00052
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.