rpm package
almalinux/poppler-glib
pkg:rpm/almalinux/poppler-glib
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-32365 | — | < 21.01.0-23.el9_7 | 21.01.0-23.el9_7 | Apr 5, 2025 | Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. | ||
| CVE-2024-6239 | — | < 20.11.0-12.el8_10 | 20.11.0-12.el8_10 | Jun 21, 2024 | A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. | ||
| CVE-2020-36024 | — | < 20.11.0-11.el8 | 20.11.0-11.el8 | Aug 11, 2023 | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. | ||
| CVE-2022-38784 | — | < 21.01.0-14.el9 | 21.01.0-14.el9 | Aug 30, 2022 | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vu | ||
| CVE-2022-27337 | — | < 20.11.0-5.el8 | 20.11.0-5.el8 | May 5, 2022 | A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
- CVE-2025-32365Apr 5, 2025affected < 21.01.0-23.el9_7fixed 21.01.0-23.el9_7
Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.
- CVE-2024-6239Jun 21, 2024affected < 20.11.0-12.el8_10fixed 20.11.0-12.el8_10
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
- CVE-2020-36024Aug 11, 2023affected < 20.11.0-11.el8fixed 20.11.0-11.el8
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
- CVE-2022-38784Aug 30, 2022affected < 21.01.0-14.el9fixed 21.01.0-14.el9
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vu
- CVE-2022-27337May 5, 2022affected < 20.11.0-5.el8fixed 20.11.0-5.el8
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.