DEBIAN-CVE-2022-24106

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-24106

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-24106.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-24106

Upstream

CVE-2022-24106

Published

2022-08-30T04:15:10.523Z

Modified

2025-11-14T04:05:01.715371Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

References

https://security-tracker.debian.org/tracker/CVE-2022-24106

Affected packages

Debian:11 / poppler

Package

Name: poppler
Purl: pkg:deb/debian/poppler?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.09.0-3.1

20.09.0-3.1+deb11u1

20.09.0-3.1+deb11u2

21.*

21.02.0-1

21.06.0-1

21.06.1-1

21.11.0-1

22.*

22.02.0-1

22.02.0-2

22.02.0-3

22.06.0-1

22.08.0-1

22.08.0-2

22.08.0-2.1

22.11.0-1

22.12.0-1

22.12.0-2

22.12.0-2.1

22.12.0-2.2

23.*

23.08.0-1

23.08.0-2

23.12.0-1

24.*

24.02.0-1

24.02.0-2

24.02.0-3

24.02.0-4

24.02.0-5

24.02.0-5+loong64

24.06.0-1

24.06.0-2

24.08.0-1

24.08.0-2

24.08.0-3

24.08.0-4

25.*

25.01.0-1

25.01.0-2

25.01.0-3

25.01.0-4

25.01.0-5

25.03.0-1

25.03.0-2

25.03.0-3

25.03.0-4

25.03.0-5

25.03.0-6

25.03.0-7

25.03.0-9

25.03.0-10

25.03.0-11

25.03.0-11.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-24106.json"

Debian:12 / poppler

Package

Name: poppler
Purl: pkg:deb/debian/poppler?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

22.*

22.12.0-2

22.12.0-2+deb12u1

22.12.0-2.1

22.12.0-2.2

23.*

23.08.0-1

23.08.0-2

23.12.0-1

24.*

24.02.0-1

24.02.0-2

24.02.0-3

24.02.0-4

24.02.0-5

24.02.0-5+loong64

24.06.0-1

24.06.0-2

24.08.0-1

24.08.0-2

24.08.0-3

24.08.0-4

25.*

25.01.0-1

25.01.0-2

25.01.0-3

25.01.0-4

25.01.0-5

25.03.0-1

25.03.0-2

25.03.0-3

25.03.0-4

25.03.0-5

25.03.0-6

25.03.0-7

25.03.0-9

25.03.0-10

25.03.0-11

25.03.0-11.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-24106.json"

Debian:13 / poppler

Package

Name: poppler
Purl: pkg:deb/debian/poppler?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

25.*

25.03.0-5

25.03.0-5+deb13u2

25.03.0-6

25.03.0-7

25.03.0-9

25.03.0-10

25.03.0-11

25.03.0-11.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-24106.json"

Debian:14 / poppler

Package

Name: poppler
Purl: pkg:deb/debian/poppler?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

25.*

25.03.0-5

25.03.0-6

25.03.0-7

25.03.0-9

25.03.0-10

25.03.0-11

25.03.0-11.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-24106.json"