Unrated severityOSV Advisory· Published Jun 21, 2024· Updated Nov 20, 2025

Poppler: pdfinfo: crash in broken documents when using -dests parameter

CVE-2024-6239

Description

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

Affected products

Poppler (software)/PopplerOSV
Range: poppler-0.10.0, poppler-0.11.0, poppler-0.11.1, …
osv-coords20 versions
pkg:rpm/almalinux/poppler pkg:rpm/almalinux/poppler-cpp pkg:rpm/almalinux/poppler-cpp-devel pkg:rpm/almalinux/poppler-devel pkg:rpm/almalinux/poppler-glib pkg:rpm/almalinux/poppler-glib-devel pkg:rpm/almalinux/poppler-glib-doc pkg:rpm/almalinux/poppler-qt5 pkg:rpm/almalinux/poppler-qt5-devel pkg:rpm/almalinux/poppler-utils pkg:rpm/opensuse/poppler&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/poppler&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/poppler-qt5&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/poppler-qt6&distro=openSUSE%20Leap%2015.5 pkg:rpm/rocky-linux/poppler?distro=rocky-linux-9&epoch=0 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5 pkg:rpm/suse/poppler-qt5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
< 20.11.0-12.el8_10+ 19 more
- (no CPE)range: < 20.11.0-12.el8_10
- (no CPE)range: < 20.11.0-12.el8_10
- (no CPE)range: < 20.11.0-12.el8_10
- (no CPE)range: < 20.11.0-12.el8_10
- (no CPE)range: < 20.11.0-12.el8_10
- (no CPE)range: < 20.11.0-12.el8_10
- (no CPE)range: < 20.11.0-12.el8_10
- (no CPE)range: < 20.11.0-12.el8_10
- (no CPE)range: < 20.11.0-12.el8_10
- (no CPE)range: < 20.11.0-12.el8_10
- (no CPE)range: < 23.01.0-150500.3.11.1
- (no CPE)range: < 24.07.0-1.1
- (no CPE)range: < 23.01.0-150500.3.11.1
- (no CPE)range: < 23.01.0-150500.3.11.1
- (no CPE)range: < 0:21.01.0-21.el9
- (no CPE)range: < 23.01.0-150500.3.11.1
- (no CPE)range: < 0.79.0-150200.3.32.1
- (no CPE)range: < 23.01.0-150500.3.11.1
- (no CPE)range: < 22.01.0-150400.3.22.1
- (no CPE)range: < 23.01.0-150500.3.11.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2024:5305mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:9167mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/security/cve/CVE-2024-6239mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000