{"id":"CVE-2024-56378","details":"libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.","modified":"2026-04-02T12:25:21.017932Z","published":"2024-12-23T00:15:05.133Z","related":["MGASA-2025-0022","SUSE-SU-2024:4421-1","SUSE-SU-2024:4422-1","SUSE-SU-2024:4423-1","SUSE-SU-2024:4432-1","SUSE-SU-2024:4435-1","openSUSE-SU-2025:14616-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00037.html"},{"type":"WEB","url":"https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a87361339063e0b9bea50/CMakeLists.txt#L621"},{"type":"REPORT","url":"https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553"},{"type":"FIX","url":"https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/poppler/poppler","events":[{"introduced":"0"},{"last_affected":"30eada0d2bceb42c2d2a87361339063e0b9bea50"},{"fixed":"ade9b5ebed44b0c15522c27669ef6cdf93eff84e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"24.12.0"}]}}],"versions":["poppler-0.1.1","poppler-0.10.0","poppler-0.10.1","poppler-0.10.2","poppler-0.10.3","poppler-0.10.4","poppler-0.10.5","poppler-0.10.6","poppler-0.10.7","poppler-0.11.0","poppler-0.11.1","poppler-0.11.2","poppler-0.11.3","poppler-0.12.0","poppler-0.12.1","poppler-0.12.2","poppler-0.12.3","poppler-0.12.4","poppler-0.13.0","poppler-0.13.1","poppler-0.13.2","poppler-0.13.3","poppler-0.13.4","poppler-0.14.0","poppler-0.14.1","poppler-0.14.2","poppler-0.14.3","poppler-0.14.4","poppler-0.14.5","poppler-0.15.0","poppler-0.15.1","poppler-0.15.2","poppler-0.15.3","poppler-0.16.0","poppler-0.16.1","poppler-0.16.2","poppler-0.16.3","poppler-0.16.4","poppler-0.16.5","poppler-0.16.6","poppler-0.16.7","poppler-0.17.0","poppler-0.17.1","poppler-0.17.2","poppler-0.17.3","poppler-0.17.4","poppler-0.18.0","poppler-0.18.1","poppler-0.18.2","poppler-0.18.3","poppler-0.18.4","poppler-0.19.0","poppler-0.19.1","poppler-0.19.2","poppler-0.19.3","poppler-0.19.4","poppler-0.2.0","poppler-0.20.0","poppler-0.20.1","poppler-0.20.2","poppler-0.20.3","poppler-0.20.4","poppler-0.20.5","poppler-0.21.0","poppler-0.21.1","poppler-0.21.2","poppler-0.21.3","poppler-0.21.4","poppler-0.22.0","poppler-0.22.1","poppler-0.22.2","poppler-0.22.3","poppler-0.22.4","poppler-0.22.5","poppler-0.23.0","poppler-0.23.1","poppler-0.23.2","poppler-0.23.3","poppler-0.23.4","poppler-0.24.0","poppler-0.24.1","poppler-0.24.2","poppler-0.24.3","poppler-0.24.4","poppler-0.24.5","poppler-0.25.0","poppler-0.25.1","poppler-0.25.2","poppler-0.25.3","poppler-0.26.0","poppler-0.26.1","poppler-0.26.2","poppler-0.26.3","poppler-0.26.4","poppler-0.26.5","poppler-0.28.0","poppler-0.28.1","poppler-0.29.0","poppler-0.3.0","poppler-0.3.1","poppler-0.3.2","poppler-0.3.3","poppler-0.30.0","poppler-0.31.0","poppler-0.32.0","poppler-0.33.0","poppler-0.34.0","poppler-0.35.0","poppler-0.36","poppler-0.37","poppler-0.38.0","poppler-0.39","poppler-0.4.0","poppler-0.4.1","poppler-0.4.2","poppler-0.4.3","poppler-0.4.4","poppler-0.4.5","poppler-0.40.0","poppler-0.41.0","poppler-0.42.0","poppler-0.43","poppler-0.44","poppler-0.45","poppler-0.46","poppler-0.47","poppler-0.48","poppler-0.49","poppler-0.5.0","poppler-0.5.1","poppler-0.5.2","poppler-0.5.3","poppler-0.5.4","poppler-0.50","poppler-0.51","poppler-0.52","poppler-0.53","poppler-0.54","poppler-0.55","poppler-0.56","poppler-0.57","poppler-0.58","poppler-0.59","poppler-0.6.0","poppler-0.6.0.RC1","poppler-0.6.1","poppler-0.6.2","poppler-0.6.3","poppler-0.6.4","poppler-0.60","poppler-0.60.1","poppler-0.61","poppler-0.61.1","poppler-0.62.0","poppler-0.63.0","poppler-0.64.0","poppler-0.65.0","poppler-0.66.0","poppler-0.67.0","poppler-0.68.0","poppler-0.69.0","poppler-0.7.0","poppler-0.7.1","poppler-0.7.2","poppler-0.7.3","poppler-0.70.0","poppler-0.70.1","poppler-0.71.0","poppler-0.72.0","poppler-0.73.0","poppler-0.74.0","poppler-0.75.0","poppler-0.76.0","poppler-0.76.1","poppler-0.77.0","poppler-0.78.0","poppler-0.79.0","poppler-0.8.0","poppler-0.8.2","poppler-0.8.3","poppler-0.8.4","poppler-0.8.5","poppler-0.8.6","poppler-0.8.7","poppler-0.80.0","poppler-0.81.0","poppler-0.82.0","poppler-0.83.0","poppler-0.84.0","poppler-0.85.0","poppler-0.86.0","poppler-0.86.1","poppler-0.87.0","poppler-0.88.0","poppler-0.89.0","poppler-0.9.0","poppler-0.9.1","poppler-0.9.2","poppler-0.9.3","poppler-0.90.0","poppler-0.90.1","poppler-20.08.0","poppler-20.09.0","poppler-20.10.0","poppler-20.11.0","poppler-20.12.0","poppler-20.12.1","poppler-21.01.0","poppler-21.02.0","poppler-21.03.0","poppler-21.04.0","poppler-21.05.0","poppler-21.06.0","poppler-21.06.1","poppler-21.07.0","poppler-21.08.0","poppler-21.09.0","poppler-21.10.0","poppler-21.11.0","poppler-21.12.0","poppler-22.01.0","poppler-22.02.0","poppler-22.03.0","poppler-22.04.0","poppler-22.05.0","poppler-22.06.0","poppler-22.07.0","poppler-22.08.0","poppler-22.09.0","poppler-22.10.0","poppler-22.11.0","poppler-22.12.0","poppler-23.01.0","poppler-23.02.0","poppler-23.03.0","poppler-23.04.0","poppler-23.05.0","poppler-23.06.0","poppler-23.07.0","poppler-23.08.0","poppler-23.09.0","poppler-23.10.0","poppler-23.11.0","poppler-23.12.0","poppler-24.01.0","poppler-24.02.0","poppler-24.03.0","poppler-24.04.0","poppler-24.05.0","poppler-24.06.0","poppler-24.06.1","poppler-24.07.0","poppler-24.08.0","poppler-24.09.0","poppler-24.10.0","poppler-24.11.0","poppler-24.12.0","poppler-before-fontconfig"],"database_specific":{"vanir_signatures":[{"source":"https://gitlab.freedesktop.org/poppler/poppler@ade9b5ebed44b0c15522c27669ef6cdf93eff84e","deprecated":false,"digest":{"line_hashes":["317993174120115032034425532424644821710","305378439465977260469268437524020531985","32640778084084373713215398513815775002","70173714017035807853509237497907509723","43426555449729616035109266427270452728","86683275675615738987873687730256900326","216949047248132767314281390003326586063","154205541927650703791505449868426040208","214084527060856846290639835030516078283","279690928921326099697943468696789685032","13772684557713579605756961918131262229","277211677198523666325954819965416802661","221527345707546910455034719714713038381","14364649710699683163510119277671541926","155372360500009015349401343898624495844","15957322412323199208936407781506127751","124922917649399959903537357783409463657","20513912555904710286837369651662901604","63795670196445050522573127708076372628","189985544474809842633811341228835061913","71252973307666370295246751685920290176","109838867061695065897441260424740739784","246269872951396569713295466612724197694","68462969337530924193766396260853523921","284352439716032173352938472374950851630"],"threshold":0.9},"signature_type":"Line","id":"CVE-2024-56378-9e8286cc","target":{"file":"poppler/JBIG2Stream.cc"},"signature_version":"v1"},{"source":"https://gitlab.freedesktop.org/poppler/poppler@ade9b5ebed44b0c15522c27669ef6cdf93eff84e","deprecated":false,"digest":{"function_hash":"138063338476241068198743373692070869340","length":3079},"signature_type":"Function","id":"CVE-2024-56378-a9dc4513","target":{"file":"poppler/JBIG2Stream.cc","function":"JBIG2Bitmap::combine"},"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56378.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}