rpm package
opensuse/poppler&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/poppler&distro=openSUSE%20Leap%2015.5
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-56378 | — | | | < 23.01.0-150500.3.14.1 | 23.01.0-150500.3.14.1 | Dec 22, 2024 | libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. |
| CVE-2024-6239 | — | | | < 23.01.0-150500.3.11.1 | 23.01.0-150500.3.11.1 | Jun 21, 2024 | A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. |
| CVE-2024-4141 | — | | | < 23.01.0-150500.3.8.1 | 23.01.0-150500.3.8.1 | Apr 24, 2024 | Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. |
| CVE-2023-34872 | — | | | < 23.01.0-150500.3.5.2 | 23.01.0-150500.3.5.2 | Jul 31, 2023 | A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. |