CVE-2024-56378
Published: 2024-12-23
Priority: P4 | 19 | medium | 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.62% (45.3rd percentile)
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 22.12.0-2+deb12u1 (bookworm) | poppler 22.12.0-2+deb12u1 (bookworm) |
| freedesktop | poppler | <= 24.12.0 | — |
| freedesktop | poppler | >= 0 < 20.09.0-3.1+deb11u2 | 20.09.0-3.1+deb11u2 |
| freedesktop | poppler | >= 0 < 22.12.0-2+deb12u1 | 22.12.0-2+deb12u1 |
| freedesktop | poppler | >= 0 < 24.08.0-4 | 24.08.0-4 |
| freedesktop | poppler | >= 0 < 24.08.0-4 | 24.08.0-4 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| osv | 4.3 | MEDIUM | |
| vendor_debian | 4.3 | MEDIUM | |
| vendor_redhat | 4.3 | MEDIUM | |
GHSA
GHSA-h369-f67q-2q4c: libpoppler
Source: ghsa_unreviewed · 2024-12-23 · CVE-2024-56378 [MEDIUM] · CWE-125
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
OSV
CVE-2024-56378: libpoppler
Source: osv · 2024-12-23 · CVSS 4.3 · CVE-2024-56378 [MEDIUM]
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
Ubuntu
poppler vulnerability
Source: vendor_ubuntu · 2025-01-16 · CVE-2024-56378
Summary: poppler could be made to crash or expose sensitive information if it opened a specially crafted file.
It was discovered that poppler incorrectly handled memory when opening certain PDF files. An attacker could possibly use this issue to cause denial of service or obtain sensitive information.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
Poppler: out-of-bounds read
Source: vendor_redhat · 2024-12-22 · CVSS 4.3 · CVE-2024-56378 [MEDIUM] · CWE-125
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
An out-of-bounds read exists within Poppler's JBIG2Bitmap::combine function in JBIG2Stream.cc. This flaw allows an attacker to crash the application via a carefully crafted pdf file. This issue can be triggered through the pdfimages utility.
Package: poppler (Red Hat Enterprise Linux 6) - Out of support scope
Package: compat-poppler022 (Red Hat Enterprise Linux 7) - Out of support scope
Package: poppler (Red Hat Enterprise Linux 7) - Out of support scope
Package: gimp:flatpak/poppler (Red Hat Enterprise Linux 8) - Out of support scope
Package: poppler (Red Hat Enterprise Linux 8) - Out of support scope
Package: popp
Debian
CVE-2024-56378: poppler - libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability...
Source: vendor_debian · 2024 · CVSS 4.3 · CVE-2024-56378 [MEDIUM]
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
Scope: local
bookworm: resolved (fixed in 22.12.0-2+deb12u1)
bullseye: resolved (fixed in 20.09.0-3.1+deb11u2)
forky: resolved (fixed in 24.08.0-4)
sid: resolved (fixed in 24.08.0-4)
trixie: resolved (fixed in 24.08.0-4)
No detection rules found.
No public exploits indexed.
References:
- https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a87361339063e0b9bea50/CMakeLists.txt#L621
- https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e
- https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553
- https://lists.debian.org/debian-lts-announce/2025/04/msg00037.html
Published: 2024-12-23