Test ID:	1.3.6.1.4.1.25623.1.1.10.2022.0320
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2022-0320)
Summary:	The remote host is missing an update for the 'xpdf' package(s) announced via the MGASA-2022-0320 advisory.
Description:	Summary: The remote host is missing an update for the 'xpdf' package(s) announced via the MGASA-2022-0320 advisory. Vulnerability Insight: In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. (CVE-2022-24106) Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. (CVE-2022-24107) Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. (CVE-2022-38171) Affected Software/OS: 'xpdf' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-24106 http://www.xpdfreader.com/security-fixes.html https://dl.xpdfreader.com/xpdf-4.04.tar.gz Common Vulnerability Exposure (CVE) ID: CVE-2022-38171 https://github.com/jeffssh/CVE-2021-30860 https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html https://www.cve.org/CVERecord?id=CVE-2021-30860 http://www.openwall.com/lists/oss-security/2022/09/02/11
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.