Poppler Out-of-Bounds Read Vulnerability in JBIG2Stream Processing

Vulnerability

A vulnerability in Poppler versions prior to 25.04.0 allows crafted input files to cause out-of-bounds read errors in the JBIG2Bitmap::combine function within JBIG2Stream.cc. This issue arises from a misplaced 'isOk' check, which can be exploited by maliciously designed files.

Impact

Exploitation of this vulnerability leads to out-of-bounds read errors, which can potentially be exploited to cause a denial-of-service condition or to read sensitive memory contents.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

4.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

4.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Poppler Out-of-Bounds Read Vulnerability in JBIG2Stream Processing

Vulnerability

Impact

Affected Products

Poppler

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating