rpm package
almalinux/poppler-qt6-devel
pkg:rpm/almalinux/poppler-qt6-devel
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-10118 | Hig | 7.8 | < 24.02.0-7.el10_2.2 | 24.02.0-7.el10_2.2 | Jun 1, 2026 | A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, al | |
| CVE-2025-32365 | — | < 24.02.0-7.el10_1 | 24.02.0-7.el10_1 | Apr 5, 2025 | Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. |
- affected < 24.02.0-7.el10_2.2fixed 24.02.0-7.el10_2.2
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, al
- CVE-2025-32365Apr 5, 2025affected < 24.02.0-7.el10_1fixed 24.02.0-7.el10_1
Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.