CVE-2024-56378

Опубликовано: 22 дек. 2024

Источник: redhat

CVSS3: 4.4

EPSS Низкий

Описание

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.

An out-of-bounds read exists within Poppler's JBIG2Bitmap::combine function in JBIG2Stream.cc. This flaw allows an attacker to crash the application via a carefully crafted pdf file. This issue can be triggered through the pdfimages utility.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	poppler	Out of support scope
Red Hat Enterprise Linux 7	compat-poppler022	Out of support scope
Red Hat Enterprise Linux 7	poppler	Out of support scope
Red Hat Enterprise Linux 8	gimp:flatpak/poppler	Out of support scope
Red Hat Enterprise Linux 8	poppler	Out of support scope
Red Hat Enterprise Linux 9	poppler	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2333794Poppler: out-of-bounds read

EPSS

Процентиль: 38%

0.00163

Низкий

4.4 Medium

CVSS3

Связанные уязвимости

CVE-2024-56378

CVSS3: 4.3

ubuntu

6 месяцев назад

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.

CVE-2024-56378

CVSS3: 4.3

nvd

6 месяцев назад

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.

CVE-2024-56378

CVSS3: 4.3

debian

6 месяцев назад

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vul ...

SUSE-SU-2024:4435-1

suse-cvrf

6 месяцев назад

Security update for poppler

SUSE-SU-2024:4432-1

suse-cvrf

6 месяцев назад

Security update for poppler

EPSS

Процентиль: 38%

0.00163

Низкий

4.4 Medium

CVSS3