VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-p629-bug3-s3g9

Essentials
Severities (83)
References (11)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-p629-bug3-s3g9
Aliases	CVE-2024-56378
Summary	libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
Status	Published
Exploitability	0.5
Weighted Severity	4.0
Risk	2.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-125

Out-of-bounds Read

System	Score	Found at
cvssv3	4.4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56378.json
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
epss	0.00355	https://api.first.org/data/v1/epss?cve=CVE-2024-56378
cvssv3.1	4.4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	4.3	https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a87361339063e0b9bea50/CMakeLists.txt#L621
ssvc	Track	https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a87361339063e0b9bea50/CMakeLists.txt#L621
cvssv3.1	4.3	https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e
ssvc	Track	https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e
cvssv3.1	4.3	https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553
ssvc	Track	https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56378.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-56378
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56378
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a87361339063e0b9bea50/CMakeLists.txt#L621
		https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e
		https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553
1091322		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091322
2333794		https://bugzilla.redhat.com/show_bug.cgi?id=2333794
CVE-2024-56378		https://nvd.nist.gov/vuln/detail/CVE-2024-56378
USN-7213-1		https://usn.ubuntu.com/7213-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56378.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a87361339063e0b9bea50/CMakeLists.txt#L621

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-26T19:27:24Z/ Found at https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a87361339063e0b9bea50/CMakeLists.txt#L621

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-26T19:27:24Z/ Found at https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-26T19:27:24Z/ Found at https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553

Exploit Prediction Scoring System (EPSS)

Percentile	0.17338
EPSS Score	0.00045
Published At	Dec. 27, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-12-26T07:52:36.286455+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2024-56378	35.0.0