Use-After-Free Vulnerability in Xpdf 4.04's JBIG2Stream::close() Function

CVE-2022-38222 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
