Out-of-Bounds Read Vulnerability in Poppler by Freedesktop
CVE-2025-32365

4MEDIUM

Key Information:

Vendor: Freedesktop
Status: Poppler
Vendor: CVE Published:; 5 April 2025

🔔 Create Freedesktop Vulnerability Alert

What is CVE-2025-32365?

An out-of-bounds read vulnerability exists in Freedesktop's Poppler PDF rendering library, affecting versions prior to 25.04.0. This vulnerability arises from the JBIG2Bitmap::combine function in JBIG2Stream.cc, where an improper isOk check allows attackers to craft input files that can lead to unintended memory access. Such a flaw potentially allows attackers to exploit the software and access sensitive information or execute arbitrary code, emphasizing the need for prompt software updates and thorough input validation measures to mitigate risks.

Affected Version(s)

Poppler 0 < 25.04.0

References

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577

https://gitlab.freedesktop.org/poppler/poppler/-/merge_re...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 5, 2025
Vulnerability Reserved
Apr 5, 2025