Poppler: out-of-bounds read (CVE-2024-56378) #shorts

CVE

This CVE highlights a critical out-of-bounds read vulnerability in Poppler's library, specifically in libpoppler.so through version 24.12.0. The issue is located within the JBIG2Bitmap::combine function in the JBIG2Stream.cc file. An out-of-bounds read typically occurs when a program reads data beyond the intended boundaries of a buffer, which can lead to information leakage. Since this is a zero-day vulnerability, it means the flaw is exploited before the vendor is aware of it and users have not yet been able to apply a patch. The full extent of the potential exploitation is currently unknown, but this vulnerability poses a risk of information disclosure to users of the Poppler library. As of now, details of who has been attacked or what tools have been used remain undisclosed.

Watch the full video on YouTube: CVE-2024-56378

Remediation and exploitation details

This chain involves the following actors

This following systems are involved

Attack entry point

Remediation actions

Exploitation actions

Related Content

NOTE: The following related content has not been vetted and may be unsafe.

CVE database technical details

CVE ID
CVE-2024-56378
Description
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
Provider
mitre
CWE / problem types
n/a
Affected Software Versions
n/a:n/a:[{'version': 'n/a', 'status': 'affected'}]
Date Published
2024-12-22T00:00:00
Last Updated
2024-12-26T19:27:57.025Z