Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-32365

Опубликовано: 05 апр. 2025
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.

A flaw was found in Poppler. This vulnerability allows out-of-bounds reads via crafted input files that trigger the JBIG2Bitmap::combine function due to a misplaced isOk check.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6popplerOut of support scope
Red Hat Enterprise Linux 7compat-poppler022Out of support scope
Red Hat Enterprise Linux 7popplerOut of support scope
Red Hat Enterprise Linux 10popplerFixedRHSA-2026:012806.01.2026
Red Hat Enterprise Linux 10.0 Extended Update SupportpopplerFixedRHSA-2026:109026.01.2026
Red Hat Enterprise Linux 8popplerFixedRHSA-2026:013006.01.2026
Red Hat Enterprise Linux 8.2 Advanced Update SupportpopplerFixedRHSA-2026:109126.01.2026
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportpopplerFixedRHSA-2026:077419.01.2026
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnpopplerFixedRHSA-2026:077419.01.2026
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportpopplerFixedRHSA-2026:077319.01.2026

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2357656poppler: Out-of-Bounds Read in Poppler

EPSS

Процентиль: 23%
0.00079
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-32365

CVSS3: 4
ubuntu
12 месяцев назад

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.

nvd логотип

CVE-2025-32365

CVSS3: 4
nvd
12 месяцев назад

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.

debian логотип

CVE-2025-32365

CVSS3: 4
debian
12 месяцев назад

Poppler before 25.04.0 allows crafted input files to trigger out-of-bo ...

rocky логотип

RLSA-2026:0130

rocky
3 месяца назад

Moderate: poppler security update

rocky логотип

RLSA-2026:0128

rocky
3 месяца назад

Moderate: poppler security update

EPSS

Процентиль: 23%
0.00079
Низкий

3.3 Low

CVSS3