{"id":"MGASA-2024-0035","summary":"Updated xpdf packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\nLogic bug in text extractor led to invalid memory access.\n(CVE-2022-30524)\nInteger overflow in rasterizer. (CVE-2022-30775)\nPDF object loop in Catalog::countPageTree. (CVE-2022-33108)\nPDF object loop in AcroForm::scanField. (CVE-2022-36561)\nLogic bug in JBIG2 decoder. (CVE-2022-38222)\nPDF object loop in Catalog::countPageTree. (CVE-2022-38334)\nMissing bounds check in CFF font converter caused null pointer\ndereference. (CVE-2022-38928)\nPDF object loop in Catalog::countPageTree. (CVE-2022-41842)\nMissing bounds check in CFF font parser caused invalid memory access.\n(CVE-2022-41843)\nPDF object loop in AcroForm::scanField. (CVE-2022-41844)\nPDF object loop in Catalog::readPageLabelTree2. (CVE-2022-43071)\nPDF object loop in Catalog::countPageTree. (CVE-2022-43295)\nPDF object loop in Catalog::countPageTree. (CVE-2022-45586)\nPDF object loop in Catalog::countPageTree. (CVE-2022-45587)\nDivide-by-zero in Xpdf 4.04 due to bad color space object.\n(CVE-2023-2662)\nPDF object loop in Catalog::readPageLabelTree2. (CVE-2023-2663)\nPDF object loop in Catalog::readEmbeddedFileTree. (CVE-2023-2664)\nDivide-by-zero in Xpdf 4.04 due to very large page size. (CVE-2023-3044)\nDeadlock in Xpdf 4.04 due to PDF object stream references.\n(CVE-2023-3436)\n","modified":"2026-04-16T04:42:43.840361413Z","published":"2024-02-10T19:02:27Z","upstream":["CVE-2022-30524","CVE-2022-30775","CVE-2022-33108","CVE-2022-36561","CVE-2022-38222","CVE-2022-38334","CVE-2022-38928","CVE-2022-41842","CVE-2022-41843","CVE-2022-41844","CVE-2022-43071","CVE-2022-43295","CVE-2022-45586","CVE-2022-45587","CVE-2023-2662","CVE-2023-2663","CVE-2023-2664","CVE-2023-3044","CVE-2023-3436"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0035.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30812"},{"type":"WEB","url":"http://www.xpdfreader.com/security-fixes.html"}],"affected":[{"package":{"name":"xpdf","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/xpdf?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.05-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0035.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}