Unrated severityNVD Advisory· Published Dec 22, 2024· Updated Nov 3, 2025
CVE-2024-56378
CVE-2024-56378
Description
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
Affected products
15- Poppler/libpoppler.sodescription
- Range: <=24.12.0
- osv-coords13 versionspkg:rpm/opensuse/poppler&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/poppler&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/poppler&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/poppler-qt5&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/poppler-qt5&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/poppler-qt6&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/poppler-qt6&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/poppler-qt5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/poppler-qt6&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 23.01.0-150500.3.14.1+ 12 more
- (no CPE)range: < 23.01.0-150500.3.14.1
- (no CPE)range: < 24.03.0-150600.3.5.1
- (no CPE)range: < 24.12.0-1.1
- (no CPE)range: < 23.01.0-150500.3.14.1
- (no CPE)range: < 24.03.0-150600.3.5.1
- (no CPE)range: < 23.01.0-150500.3.14.1
- (no CPE)range: < 24.03.0-150600.3.5.1
- (no CPE)range: < 24.03.0-150600.3.5.1
- (no CPE)range: < 24.03.0-150600.3.5.1
- (no CPE)range: < 0.43.0-16.52.1
- (no CPE)range: < 24.03.0-150600.3.5.1
- (no CPE)range: < 24.03.0-150600.3.5.1
- (no CPE)range: < 0.43.0-16.52.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.