CVE-2022-38222: Use After Free
First published: Thu Sep 29 2022(Updated: )
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xpdfreader Xpdf | =4.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-38222.
Where is the use-after-free issue located?
The use-after-free issue is located in JBIG2Stream::close() in the JBIG2Stream.cc file of Xpdf 4.04.
How can the use-after-free issue be triggered?
The use-after-free issue can be triggered by sending a crafted PDF file to the pdfimages binary.
What are the potential impacts of this vulnerability?
The potential impacts of this vulnerability include Denial of Service and possibly unspecified other impacts.
Is there a fix available for this vulnerability?
Please refer to the official Xpdf website or vendor for the fix for this vulnerability.
- collector/nvd-index
- agent/references
- agent/event
- vendor/xpdfreader
- canonical/xpdfreader xpdf
- version/xpdfreader xpdf/4.04