Package details: pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1
purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1
Next non-vulnerable version 25.03.0-5
Latest non-vulnerable version 25.03.0-5
Risk 3.4
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-5ynz-7776-3bbt
Aliases:
CVE-2025-43903
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.
25.03.0-5
Affected by 0 other vulnerabilities.
VCID-avnr-t9ny-vqam
Aliases:
CVE-2024-6239
A flaw was found in Poppler's pdfinfo utility. The issue occurs when the -dests parameter is used with pdfinfo. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
25.03.0-5
Affected by 0 other vulnerabilities.
VCID-chds-xndj-tffu
Aliases:
CVE-2025-52886
Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.
25.03.0-5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (9)
Vulnerability Summary Aliases
VCID-1w5c-axe5-mbb5 An issue discovered in freedesktop poppler version 20.12.1 allows remote attackers to cause a denial of service (DoS) in the FoFiType1C::cvtGlyph function via a crafted .pdf file. CVE-2020-36023
VCID-5j7m-cczq-yuev An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. CVE-2022-37051
VCID-bh11-g94j-mfc4 A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. CVE-2022-37052
VCID-p8zt-gbzd-yyf8 An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h that will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. CVE-2022-38349
VCID-sam6-g21p-27ct An issue discovered in freedesktop poppler version 20.12.1 allows remote attackers to cause a denial of service (DoS) in the FoFiType1C::convertToType1 function via a crafted .pdf file. CVE-2020-36024
VCID-sd6h-f97f-t3af Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. CVE-2025-32365
VCID-w1t7-xbb5-3qh1 libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. CVE-2024-56378
VCID-wxqy-xnjs-nkd1 A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. CVE-2025-32364
VCID-yzxk-8kas-tbgp In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial of service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. CVE-2022-37050

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T20:17:23.258923+00:00 Debian Oval Importer Fixing VCID-wxqy-xnjs-nkd1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T19:38:21.337521+00:00 Debian Oval Importer Fixing VCID-w1t7-xbb5-3qh1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T17:50:51.876784+00:00 Debian Oval Importer Fixing VCID-sam6-g21p-27ct https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:30:12.142325+00:00 Debian Oval Importer Fixing VCID-bh11-g94j-mfc4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:26:04.576795+00:00 Debian Oval Importer Fixing VCID-5j7m-cczq-yuev https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:07:39.107595+00:00 Debian Oval Importer Fixing VCID-sd6h-f97f-t3af https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:57:43.187190+00:00 Debian Oval Importer Fixing VCID-yzxk-8kas-tbgp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:39:08.423055+00:00 Debian Oval Importer Fixing VCID-p8zt-gbzd-yyf8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:05:02.035298+00:00 Debian Importer Affected by VCID-5ynz-7776-3bbt https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:49:16.070731+00:00 Debian Importer Affected by VCID-chds-xndj-tffu https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:12:30.432106+00:00 Debian Importer Affected by VCID-avnr-t9ny-vqam https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T11:55:05.547039+00:00 Debian Oval Importer Fixing VCID-1w5c-axe5-mbb5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0