CVE-2024-56378

low-risk
Published 2024-12-23

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.

Do I need to act?

-
0.30% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Freedesktop

References (4)

Product https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a873613...
Patch https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c276...
Exploit https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553
https://lists.debian.org/debian-lts-announce/2025/04/msg00037.html
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal