VulnerableCode Package Details - pkg:deb/debian/poppler@25.03.0-4

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-364a-fvzj-aaah	A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.	CVE-2023-34872
VCID-gdcf-fn5r-p7d8	NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.	CVE-2025-43903
VCID-hnnx-bs3x-cyhw	A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.	CVE-2025-32364
VCID-j39n-x8uc-aaah	poppler: pdfinfo: crash in broken documents when using -dests parameter	CVE-2024-6239
VCID-p629-bug3-s3g9	libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.	CVE-2024-56378
VCID-pn21-ccnx-pucg	Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.	CVE-2025-32365

Vulnerability

Summary

Aliases

VCID-364a-fvzj-aaah

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.

CVE-2023-34872

VCID-gdcf-fn5r-p7d8

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

CVE-2025-43903

VCID-hnnx-bs3x-cyhw

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.

CVE-2025-32364

VCID-j39n-x8uc-aaah

poppler: pdfinfo: crash in broken documents when using -dests parameter

CVE-2024-6239

VCID-p629-bug3-s3g9

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.

CVE-2024-56378

VCID-pn21-ccnx-pucg

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.

CVE-2025-32365

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-05-02T11:28:32.311363+00:00	Debian Importer	Fixing	VCID-364a-fvzj-aaah	None	36.0.0
2025-04-24T09:57:13.242608+00:00	Debian Importer	Fixing	VCID-pn21-ccnx-pucg	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-24T01:34:14.206402+00:00	Debian Importer	Fixing	VCID-j39n-x8uc-aaah	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-23T21:15:28.118550+00:00	Debian Importer	Fixing	VCID-p629-bug3-s3g9	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-23T19:07:20.551732+00:00	Debian Importer	Fixing	VCID-hnnx-bs3x-cyhw	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-23T18:04:58.799428+00:00	Debian Importer	Fixing	VCID-364a-fvzj-aaah	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-22T09:01:32.840966+00:00	Debian Importer	Fixing	VCID-gdcf-fn5r-p7d8	https://security-tracker.debian.org/tracker/data/json	36.0.0