Main Vulnerability Database SB2025041821

SB2025041821 - SUSE update for poppler

Published: April 18, 2025

Security Bulletin ID SB2025041821

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Incorrect calculation (CVE-ID: CVE-2025-32364)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a floating point exception within the PSStack::roll() function. A remote attacker can create a specially crafted file, pass it to the application, trigger a floating-point exception and crash the affected application.

2) Out-of-bounds read (CVE-ID: CVE-2025-32365)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the JBIG2Bitmap::combine() function in JBIG2Stream.cc. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system or crash the application.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-20251172-1/

Vulnerable Software

openSUSE Leap: 15.4
libpoppler-glib8-64bit-debuginfo: before 22.01.0-150400.3.28.1
libpoppler-glib8-64bit: before 22.01.0-150400.3.28.1
libpoppler117-64bit-debuginfo: before 22.01.0-150400.3.28.1
libpoppler-qt5-1-64bit-debuginfo: before 22.01.0-150400.3.28.1
libpoppler-cpp0-64bit-debuginfo: before 22.01.0-150400.3.28.1
libpoppler-cpp0-64bit: before 22.01.0-150400.3.28.1
libpoppler-qt5-1-64bit: before 22.01.0-150400.3.28.1
libpoppler117-64bit: before 22.01.0-150400.3.28.1
libpoppler-qt5-1-32bit-debuginfo: before 22.01.0-150400.3.28.1
libpoppler-cpp0-32bit: before 22.01.0-150400.3.28.1
libpoppler-cpp0-32bit-debuginfo: before 22.01.0-150400.3.28.1
libpoppler-glib8-32bit-debuginfo: before 22.01.0-150400.3.28.1
libpoppler-qt5-1-32bit: before 22.01.0-150400.3.28.1
libpoppler117-32bit-debuginfo: before 22.01.0-150400.3.28.1
libpoppler-glib8-32bit: before 22.01.0-150400.3.28.1
libpoppler117-32bit: before 22.01.0-150400.3.28.1
libpoppler-devel: before 22.01.0-150400.3.28.1
libpoppler-qt5-1-debuginfo: before 22.01.0-150400.3.28.1
libpoppler-qt5-devel: before 22.01.0-150400.3.28.1
poppler-qt6-debugsource: before 22.01.0-150400.3.28.1
poppler-qt5-debugsource: before 22.01.0-150400.3.28.1
libpoppler-glib8-debuginfo: before 22.01.0-150400.3.28.1
libpoppler-glib8: before 22.01.0-150400.3.28.1
libpoppler117-debuginfo: before 22.01.0-150400.3.28.1
libpoppler117: before 22.01.0-150400.3.28.1
libpoppler-qt6-devel: before 22.01.0-150400.3.28.1
libpoppler-qt5-1: before 22.01.0-150400.3.28.1
poppler-tools-debuginfo: before 22.01.0-150400.3.28.1
poppler-tools: before 22.01.0-150400.3.28.1
libpoppler-cpp0-debuginfo: before 22.01.0-150400.3.28.1
libpoppler-qt6-3-debuginfo: before 22.01.0-150400.3.28.1
typelib-1_0-Poppler-0_18: before 22.01.0-150400.3.28.1
libpoppler-glib-devel: before 22.01.0-150400.3.28.1
libpoppler-cpp0: before 22.01.0-150400.3.28.1
poppler-debugsource: before 22.01.0-150400.3.28.1
libpoppler-qt6-3: before 22.01.0-150400.3.28.1