Vulnerability Details CVE-2022-38222
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.1%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2022-38222
-
cpe:2.3:a:xpdfreader:xpdf:4.04