poppler-qt5 (SUSE:Linux Enterprise Module for Package Hub 15 SP6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Package Hub 15 SP6 package poppler-qt5, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2025-50420 — CVSS 6.5 (medium): An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted…
CVE-2025-52885: Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been…
CVE-2025-52886 — CVSS 5.9 (medium): Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is…
CVE-2024-56378 — CVSS 4.3 (medium): libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
CVE-2025-43903 — CVSS 4.3 (medium): NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential…
CVE-2025-32365 — CVSS 4.0 (medium): Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc…
CVE-2025-32364 — CVSS 4.0 (medium): A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling…
CVE-2025-43718 — CVSS 2.9 (low): Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such…
CVE-2025-11896: In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow.