Search for vulnerabilities
Vulnerability details: VCID-p8zt-gbzd-yyf8
Vulnerability ID VCID-p8zt-gbzd-yyf8
Aliases CVE-2022-38349
Summary An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-617 Reachable Assertion
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38349.json
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-38349
cvssv3.1 3.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28
ssvc Track https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38349
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38349.json
https://api.first.org/data/v1/epss?cve=CVE-2022-38349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38349
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1282 https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282
2251630 https://bugzilla.redhat.com/show_bug.cgi?id=2251630
4564a002bcb6094cc460bc0d5ddff9423fe6dd28 https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28
cpe:2.3:a:freedesktop:poppler:22.08.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:22.08.0:*:*:*:*:*:*:*
CVE-2022-38349 https://nvd.nist.gov/vuln/detail/CVE-2022-38349
USN-6508-1 https://usn.ubuntu.com/6508-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38349.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:39:03Z/ Found at https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:39:03Z/ Found at https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-38349
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.03536
EPSS Score 0.00019
Published At Sept. 25, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:40:22.102793+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6508-1/ 37.0.0