Debian 11: DLA-4141-1 critical: poppler capacity threats
debian lts
April 28, 2025
Multiple vulnerabilities have been fixed in the PDF rendering library poppler
Summary
CVE-2020-36023
Infinite loop in FoFiType1C::cvtGlyph
CVE-2020-36024
NULL dereference in FoFiType1C::convertToType1
CVE-2022-37050
Crash in PDFDoc::savePageAs
CVE-2022-37051
Crash in the pdfunite tool
CVE-2022-37052
Reachable assert on XRef::add failure
CVE-2022-38349
pdfunite crash on broken files
CVE-2024-56378
Out-of-bounds read in JBIG2Bitmap::combine
CVE-2025-32364
Floating point exception in PSStack::roll
CVE-2025-32365
Out-of-bounds read in JBIG2:Bitmap::combine
For Debian 11 bullseye, these problems have been fixed in version
20.09.0-3.1+deb11u2.
We recommend that you upgrade your poppler packages.
For the detailed security status of poppler please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/poppler
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Package: poppler
Version: 20.09.0-3.1+deb11u2
CVE ID: CVE-2020-36023 CVE-2020-36024 CVE-2022-37050 CVE-2022-37051
Debian Bug: 1091322 1102190 1102191
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!