poppler (SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 package poppler, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2025-50420 — CVSS 6.5 (medium): An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted…
CVE-2025-52886 — CVSS 5.9 (medium): Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is…
CVE-2024-56378 — CVSS 4.3 (medium): libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
CVE-2025-32364 — CVSS 4.0 (medium): A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling…
CVE-2025-32365 — CVSS 4.0 (medium): Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc…
CVE-2025-3154: Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.
CVE-2025-11896: In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow.