What is CVE-2022-24106?

CVE-2022-24106 is a high-severity vulnerability in Glyphandcog Xpdfreader, classified under Integer Overflow or Wraparound. CVSS score: 7.8/10. Published 2022-08-30.

How severe is CVE-2022-24106?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2022-24106 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Integer overflow in Glyphandcog Xpdfreader

CVE-2022-24106

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

Vulnerability class: Integer Overflow

EPSS: 0.003 (20.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Glyphandcog Xpdfreader
N/a — versions n/a

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

Public proof-of-concept exploits

11notes/docker-paperless-ngx

References

cve@mitre.org (Vendor Advisory)
cve@mitre.org (Product, Vendor Advisory)

Frequently asked questions

What is CVE-2022-24106?: CVE-2022-24106 is a high-severity vulnerability in Glyphandcog Xpdfreader, classified under Integer Overflow or Wraparound. CVSS score: 7.8/10. Published 2022-08-30.
How severe is CVE-2022-24106?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2022-24106 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.