JuliaLang · jlsec-bot · Oct 10, 2025
diff --git a/advisories/published/2025/JLSEC-0000-mnrsfb0i9-1x6vzie.md b/advisories/published/2025/JLSEC-0000-mnrsfb0i9-1x6vzie.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.3"
+id = "JLSEC-0000-mnrsfb0i9-1x6vzie"
+modified = 2025-10-10T03:20:22.353Z
+upstream = ["CVE-2025-32364"]
+references = ["https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3", "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574"]
+
+[[affected]]
+pkg = "Poppler_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-32364"
+imported = 2025-10-10T03:20:22.334Z
+modified = 2025-10-09T14:00:04.740Z
+published = 2025-04-05T22:15:18.337Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-32364"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-32364"
+```
+
+# A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an appl...
+
+A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnrsfb0n1-1m33zyx.md b/advisories/published/2025/JLSEC-0000-mnrsfb0n1-1m33zyx.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.3"
+id = "JLSEC-0000-mnrsfb0n1-1m33zyx"
+modified = 2025-10-10T03:20:22.525Z
+upstream = ["CVE-2025-32365"]
+references = ["https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577", "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792"]
+
+[[affected]]
+pkg = "Poppler_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-32365"
+imported = 2025-10-10T03:20:22.525Z
+modified = 2025-10-09T13:51:48.690Z
+published = 2025-04-05T22:15:19.010Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-32365"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-32365"
+```
+
+# Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap:...
+
+Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnrsfb69a-1sju4v3.md b/advisories/published/2025/JLSEC-0000-mnrsfb69a-1sju4v3.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.3"
+id = "JLSEC-0000-mnrsfb69a-1sju4v3"
+modified = 2025-10-10T03:20:29.806Z
+upstream = ["CVE-2025-50420"]
+references = ["http://freedesktop.com", "http://poppler.com", "https://github.com/Landw-hub/CVE-2025-50420"]
+
+[[affected]]
+pkg = "Poppler_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-50420"
+imported = 2025-10-10T03:20:29.806Z
+modified = 2025-10-09T17:43:54.350Z
+published = 2025-08-04T17:15:30.700Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-50420"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-50420"
+```
+
+# An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an inf...
+
+An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).
+