An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can trigger the integer overflow, causing an out-of-bounds write on the heap that can potentially lead to arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application that uses this library.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | poppler | <= 22.12.0-2 | poppler_22.12.0-2_all.deb |
Debian | 11 | all | poppler | <= 20.09.0-3.1+deb11u1 | poppler_20.09.0-3.1+deb11u1_all.deb |
Debian | 10 | all | poppler | <= 0.71.0-5 | poppler_0.71.0-5_all.deb |
Debian | 999 | all | poppler | <= 24.02.0-5 | poppler_24.02.0-5_all.deb |
Debian | 13 | all | poppler | <= 24.02.0-5 | poppler_24.02.0-5_all.deb |