rpm package
suse/poppler&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6
pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-11896 | Low | — | | < 24.03.0-150600.3.27.1 | 24.03.0-150600.3.27.1 | Oct 16, 2025 | In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow. |
| CVE-2025-52885 | Med | — | | < 24.03.0-150600.3.24.1 | 24.03.0-150600.3.24.1 | Oct 10, 2025 | Poppler is a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in Poppler versions prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a |
| CVE-2025-43718 | Low | 2.9 | | < 24.03.0-150600.3.24.1 | 24.03.0-150600.3.24.1 | Oct 1, 2025 | Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetada |
| CVE-2025-50420 | | — | | < 24.03.0-150600.3.19.1 | 24.03.0-150600.3.19.1 | Aug 4, 2025 | An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS). |
| CVE-2025-52886 | | — | | < 24.03.0-150600.3.16.1 | 24.03.0-150600.3.16.1 | Jul 2, 2025 | Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue. |
| CVE-2025-43903 | | — | | < 24.03.0-150600.3.13.1 | 24.03.0-150600.3.13.1 | Apr 18, 2025 | NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. |
| CVE-2025-32365 | | — | | < 24.03.0-150600.3.10.1 | 24.03.0-150600.3.10.1 | Apr 5, 2025 | Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. |
| CVE-2025-32364 | | — | | < 24.03.0-150600.3.10.1 | 24.03.0-150600.3.10.1 | Apr 5, 2025 | A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. |
| CVE-2024-56378 | | — | | < 24.03.0-150600.3.5.1 | 24.03.0-150600.3.5.1 | Dec 22, 2024 | libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. |
| CVE-2024-6239 | | — | | < 0.79.0-150200.3.32.1 | 0.79.0-150200.3.32.1 | Jun 21, 2024 | A flaw was found in Poppler's Pdfinfo utility. This issue occurs when using the -dests parameter with the pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. |
| CVE-2024-4141 | | — | | < 0.79.0-150200.3.29.1 | 0.79.0-150200.3.29.1 | Apr 24, 2024 | Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. |