Alpine: multiple xpdf packages: security update to 4.05-r0

high Tenable Cloud Security Plugin ID 427694

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. (CVE-2022-33108)

- There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. (CVE-2022-30524)

- xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option. (CVE-2022-30775)

- XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538. (CVE-2022-36561)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-30524

https://security.alpinelinux.org/vuln/CVE-2022-30775

https://security.alpinelinux.org/vuln/CVE-2022-33108

https://security.alpinelinux.org/vuln/CVE-2022-36561

https://security.alpinelinux.org/vuln/CVE-2022-38222

https://security.alpinelinux.org/vuln/CVE-2022-38334

https://security.alpinelinux.org/vuln/CVE-2022-38928

https://security.alpinelinux.org/vuln/CVE-2022-41842

https://security.alpinelinux.org/vuln/CVE-2022-41843

https://security.alpinelinux.org/vuln/CVE-2022-41844

https://security.alpinelinux.org/vuln/CVE-2022-43071

https://security.alpinelinux.org/vuln/CVE-2022-43295

https://security.alpinelinux.org/vuln/CVE-2022-45586

https://security.alpinelinux.org/vuln/CVE-2022-45587

https://security.alpinelinux.org/vuln/CVE-2022-48545

https://security.alpinelinux.org/vuln/CVE-2023-2662

https://security.alpinelinux.org/vuln/CVE-2023-2663

https://security.alpinelinux.org/vuln/CVE-2023-2664

https://security.alpinelinux.org/vuln/CVE-2023-26930

https://security.alpinelinux.org/vuln/CVE-2023-3044

https://security.alpinelinux.org/vuln/CVE-2023-3436

Plugin Details

Severity: High

ID: 427694

Version: Revision 1.4

Type: Local

Published: 5/16/2025

Updated: 6/1/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-33108

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-38928

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/9/2022

Reference Information

CVE: CVE-2022-30524, CVE-2022-30775, CVE-2022-33108, CVE-2022-36561, CVE-2022-38222, CVE-2022-38334, CVE-2022-38928, CVE-2022-41842, CVE-2022-41843, CVE-2022-41844, CVE-2022-43071, CVE-2022-43295, CVE-2022-45586, CVE-2022-45587, CVE-2022-48545, CVE-2023-2662, CVE-2023-2663, CVE-2023-2664, CVE-2023-26930, CVE-2023-3044, CVE-2023-3436