VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-pn21-ccnx-pucg

Essentials
Severities (70)
References (11)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-pn21-ccnx-pucg
Aliases	CVE-2025-32365
Summary	Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.
Status	Published
Exploitability	0.5
Weighted Severity	3.6
Risk	1.8
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-125

Out-of-bounds Read

System	Score	Found at
cvssv3	4.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32365.json
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32365
cvssv3.1	4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	4	https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577
ssvc	Track	https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577
cvssv3.1	4	https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792
ssvc	Track	https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32365.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-32365
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32365
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577
		https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792
1102191		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102191
2357656		https://bugzilla.redhat.com/show_bug.cgi?id=2357656
CVE-2025-32365		https://nvd.nist.gov/vuln/detail/CVE-2025-32365
USN-7426-1		https://usn.ubuntu.com/7426-1/
USN-7426-2		https://usn.ubuntu.com/7426-2/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32365.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T14:43:55Z/ Found at https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T14:43:55Z/ Found at https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792

Exploit Prediction Scoring System (EPSS)

Percentile	0.01039
EPSS Score	0.00013
Published At	April 6, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-04-06T07:11:25.843740+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2025-32365	36.0.0