CVE-2024-56378
published 2024-12-23

CVE-2024-56378: libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.

Priority: P419, medium, 4.3 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.62% (45.3th percentile)

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | poppler | < poppler 22.12.0-2+deb12u1 (bookworm) | poppler 22.12.0-2+deb12u1 (bookworm) |
| freedesktop | poppler | <= 24.12.0 | |
| freedesktop | poppler | >= 0 < 20.09.0-3.1+deb11u2 | 20.09.0-3.1+deb11u2 |
| freedesktop | poppler | >= 0 < 22.12.0-2+deb12u1 | 22.12.0-2+deb12u1 |
| freedesktop | poppler | >= 0 < 24.08.0-4 | 24.08.0-4 |
| freedesktop | poppler | >= 0 < 24.08.0-4 | 24.08.0-4 |

CVSS provenance

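| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| osv | | 4.3 | MEDIUM | |
| vendor_debian | | 4.3 | MEDIUM | |
| vendor_redhat | | 4.3 | MEDIUM | |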