CVE-2022-33108

7.8 HIGH

📋 TL;DR

CVE-2022-33108 is a stack overflow vulnerability in XPDF v4.04's Object::Copy class that allows attackers to execute arbitrary code by crafting malicious PDF files. This affects users who process untrusted PDF files with XPDF. The vulnerability could lead to complete system compromise.

💻 Affected Systems

Products:
  • XPDF
Versions: v4.04
Operating Systems: All platforms where XPDF runs (Linux, Windows, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using XPDF v4.04 to process PDF files is vulnerable regardless of configuration

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to full system compromise, data theft, and persistent backdoor installation

🟠 Likely Case

Application crash (denial of service) or limited code execution in the context of the XPDF process

🟢 If Mitigated

Application crash with no code execution if exploit fails or mitigations are in place

🌐 Internet-Facing: MEDIUM - Requires PDF file upload/processing capability, not directly network exploitable
🏢 Internal Only: MEDIUM - Internal users could exploit via malicious PDF files, but requires user interaction

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user to open a malicious PDF file. Proof-of-concept code is available in public forums.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.05 and later

Vendor Advisory: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42284

Restart Required: No

Instructions:

1. Download XPDF v4.05 or later from the official website.
2. Replace the vulnerable XPDF binary with the updated version.
3. Test PDF processing functionality.

🔧 Temporary Workarounds

Disable PDF processing (Linux)

Temporarily disable XPDF usage for processing untrusted PDF files:

# Remove execute permissions from xpdf binary
chmod -x /usr/bin/xpdf

Use alternative PDF processor (Linux)

Replace XPDF with alternative PDF processing tools like Poppler or Ghostscript:

# Install poppler-utils as alternative
apt-get install poppler-utils

🧯 If You Can't Patch

  • Implement strict file upload validation and sandbox XPDF processing
  • Deploy application control to prevent execution of malicious payloads

🔍 How to Verify

Check if Vulnerable:

Check the XPDF version (the version banner is written to stderr, so redirect it before grepping): xpdf -v 2>&1 | grep 'version'

Check Version:

xpdf -v

Verify Fix Applied:

Verify the reported version is 4.05 or higher. A pattern such as 'version 4.0[5-9]' matches only 4.05 through 4.09 and would miss later releases such as 4.10, so match the whole 4.x line and read the number: xpdf -v 2>&1 | grep 'version 4\.'
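An added verification script (not part of this advisory) that parses the `xpdf -v` banner and compares it against the fixed release with a proper dotted-version comparison, so 4.10 and later are recognised as fixed. It assumes XPDF 4.x prints "xpdf version X.Y" on stderr and that GNU `sort -V` is available; the fixed version 4.05 is taken from the advisory above.

```shell
#!/bin/sh
# Added example: classify an xpdf install relative to the CVE-2022-33108 fix.
# Assumption: `xpdf -v` prints "xpdf version X.Y" on stderr (XPDF 4.x behaviour).
FIXED_VERSION="4.05"   # first fixed release, per the advisory

# parse_xpdf_version BANNER: print the dotted version from a banner such as
# "xpdf version 4.04"; prints nothing if no version line is found.
parse_xpdf_version() {
    printf '%s\n' "$1" | sed -n 's/^xpdf version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_ge A B: succeed if A >= B in version order. sort -V (GNU coreutils)
# orders 4.05 < 4.10, which a regex like 4.0[5-9] gets wrong.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# xpdf_status BANNER: print VULNERABLE, FIXED or UNKNOWN for one banner string.
xpdf_status() {
    v=$(parse_xpdf_version "$1")
    if [ -z "$v" ]; then
        echo UNKNOWN
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo FIXED
    else
        echo VULNERABLE
    fi
}

# check_installed: query the real binary if present (banner is on stderr).
check_installed() {
    if command -v xpdf >/dev/null 2>&1; then
        xpdf_status "$(xpdf -v 2>&1)"
    else
        echo NOT_INSTALLED
    fi
}
```

Run `check_installed` on the host in question; anything other than FIXED or NOT_INSTALLED warrants patching or one of the workarounds above.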

📡 Detection & Monitoring

Log Indicators:

  • XPDF process crashes with segmentation fault
  • Unusual memory access patterns in system logs

Network Indicators:

  • PDF file uploads followed by process termination

SIEM Query:

process_name:xpdf AND (event_type:crash OR exit_code:139)
