CVE-2024-56378

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 23, 2024

Updated: Dec 26, 2024

CWE ID 125

Summary

CVE-2024-56378 is a newly disclosed vulnerability affecting the libpoppler.so component in Poppler up to version 24.12.0. This issue involves an out-of-bounds read vulnerability located within the JBIG2Bitmap::combine function in JBIG2Stream.cc. An attacker could exploit this flaw by manipulating a maliciously crafted JBIG2 image file, leading to potential memory corruption and information disclosure. Successful exploitation of this vulnerability could result in significant security implications, such as unauthorized access or data theft. It is highly recommended that users upgrade to the latest version of Poppler to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Poppler

Affected Vendors

Poppler

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Know What Matters

For Customers

For Partners