CVE-2024-56378
Public on 2024-12-23
Modified on 2025-01-03
Description
An out-of-bounds read exists within Poppler's JBIG2Bitmap::combine function in JBIG2Stream.cc. This flaw allows an attacker to crash the application via a carefully crafted pdf file. This issue can be triggered through the pdfimages utility.libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | poppler | No Fix Planned | ||
| Amazon Linux 2 - Core | poppler | Pending Fix | ||
| Amazon Linux 2023 | poppler | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |