PT-2025-15076 · Poppler+11

Published: 2025-03-30 · Updated: 2026-04-13 · CVE-2025-32365

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Poppler versions prior to 25.04.0

Description

The issue allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function due to a misplaced isOk check. This occurs in the JBIG2 parsing component of the software.

Recommendations

For versions prior to 25.04.0, update to version 25.04.0 or later to resolve the issue. As a temporary workaround, consider restricting the processing of crafted input files until the update is applied.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2026:0126
ALSA-2026:0128
ALSA-2026:0130
ALT-PU-2025-14450
BDU:2025-06078
CVE-2025-32365
DLA-4141-1
JLSEC-2026-86
MGASA-2025-0134
OESA-2025-1390
OPENSUSE-SU-2025:14976-1
OPENSUSE-SU-2025_1172-1
OPENSUSE-SU-2025_1173-1
OPENSUSE-SU-2025_1342-1
RHSA-2026:0126
RHSA-2026:0128
RHSA-2026:0130
RHSA-2026:0772
RHSA-2026:0773
RHSA-2026:0774
RHSA-2026:0795
RHSA-2026:0796
RHSA-2026:0797
RHSA-2026:0799
RHSA-2026:1090
RHSA-2026:1091
SUSE-SU-2025:01780-1
SUSE-SU-2025:1172-1
SUSE-SU-2025:1173-1
SUSE-SU-2025:1339-1
SUSE-SU-2025:1342-1
SUSE-SU-2025_01780-1
USN-7426-1
USN-7426-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Poppler
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu