ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0320
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0320)
Resumen:	The remote host is missing an update for the 'xpdf' package(s) announced via the MGASA-2022-0320 advisory.
Descripción:	Summary: The remote host is missing an update for the 'xpdf' package(s) announced via the MGASA-2022-0320 advisory. Vulnerability Insight: In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. (CVE-2022-24106) Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. (CVE-2022-24107) Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. (CVE-2022-38171) Affected Software/OS: 'xpdf' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-24106 http://www.xpdfreader.com/security-fixes.html https://dl.xpdfreader.com/xpdf-4.04.tar.gz Common Vulnerability Exposure (CVE) ID: CVE-2022-38171 https://github.com/jeffssh/CVE-2021-30860 https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html https://www.cve.org/CVERecord?id=CVE-2021-30860 http://www.openwall.com/lists/oss-security/2022/09/02/11
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.