Updated poppler packages fix security vulnerabilities
Publication date: 12 Apr 2025
Modification date: 12 Apr 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-32364, CVE-2025-32365
Description
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. (CVE-2025-32364)
Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. (CVE-2025-32365)
References
- https://bugs.mageia.org/show_bug.cgi?id=34182
- https://ubuntu.com/security/notices/USN-7426-1
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/7MHRTVNCUQHLCEUDCYX24NK4ID3BMFG5/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32364
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32365
SRPMS
9/core
- poppler-23.02.0-1.5.mga9