CVE-2025-32365

Medium CVSS: 4.0

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.

Vendor

Freedesktop

Product

Poppler

CWE

CWE-125

Yayın Tarihi

2025-04-05 22:15:19

Güncelleme

2025-11-03 20:18:26

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-125 Poppler MEDIUM Freedesktop 2025

Referanslar

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577 https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792 https://lists.debian.org/debian-lts-announce/2025/04/msg00037.html

Benzer Kayıtlar

High

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or…

Low

CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can expl…

Medium

CVE-2025-50420

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via…

Medium

CVE-2025-52886

Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std…

Medium

CVE-2025-43903

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting…

Medium

CVE-2025-32364

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash whe…