{"id":"JLSEC-2026-86","summary":"Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the...","details":"Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.","modified":"2026-04-13T14:46:48.517619452Z","published":"2026-04-13T13:20:05.063Z","upstream":["CVE-2025-32365","EUVD-2025-9921","GHSA-r4rq-7765-p57x"],"database_specific":{"license":"CC-BY-4.0","sources":[{"id":"CVE-2025-32365","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32365","modified":"2025-11-03T20:18:26.977Z","imported":"2026-04-13T04:14:33.298Z","published":"2025-04-05T22:15:19.010Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-32365"},{"id":"GHSA-r4rq-7765-p57x","html_url":"https://github.com/advisories/GHSA-r4rq-7765-p57x","modified":"2025-11-03T21:33:31Z","imported":"2026-04-13T04:15:00.157Z","published":"2025-04-07T15:31:11Z","url":"https://api.github.com/advisories/GHSA-r4rq-7765-p57x"},{"id":"EUVD-2025-9921","html_url":"https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-9921","modified":"2025-11-03T19:53:23Z","imported":"2026-04-13T04:14:34.538Z","published":"2025-04-05T00:00:00Z","url":"https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-9921"}]},"references":[{"type":"WEB","url":"https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577"},{"type":"WEB","url":"https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00037.html"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32365"},{"type":"WEB","url":"https://github.com/advisories/GHSA-r4rq-7765-p57x"}],"affected":[{"package":{"name":"Poppler_jll","ecosystem":"Julia","purl":"pkg:julia/Poppler_jll?uuid=9c32591e-4766-534b-9725-b71a8799265b"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"25.10.0+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-86.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}