CVE-2024-56378

CWE-125Out-of-bounds Read7 documents7 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 46.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Freedesktop Poppler
Timeline
PublishedDec 23
Latest updateJan 16

Description

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

Debianpoppler< 20.09.0-3.1+deb11u2+3
NVDfreedesktop/poppler24.12.0

Patches

Patch: gitlab.freedesktop.org

🔴Vulnerability Details

3
GHSA
GHSA-h369-f67q-2q4c: libpoppler2024-12-23
OSV
CVE-2024-56378: libpoppler2024-12-23
CVEList
CVE-2024-56378: libpoppler2024-12-22

📋Vendor Advisories

3
Ubuntu
poppler vulnerability2025-01-16
Red Hat
Poppler: out-of-bounds read2024-12-22
Debian
CVE-2024-56378: poppler - libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability...2024
CVE-2024-56378 (MEDIUM CVSS 4.3) | libpoppler.so in Poppler through 24 | cvebase.io