CVE-2025-52886

Medium CVSS: 5.5

Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.

Vendor

Freedesktop

Product

Poppler

CWE

CWE-416

Yayın Tarihi

2025-07-02 16:15:28

Güncelleme

2025-11-04 22:16:20

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-416 Poppler MEDIUM Freedesktop 2025

Referanslar

https://gitlab.freedesktop.org/poppler/poppler/-/commit/04bd91684ed41d67ae0f10cde0660e4ed74ac203 https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5 https://gitlab.freedesktop.org/poppler/poppler/-/issues/1581 https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1828 https://securitylab.github.com/advisories/GHSL-2025-054_poppler/ http://www.openwall.com/lists/oss-security/2025/07/11/5 http://www.openwall.com/lists/oss-security/2025/07/12/1

Benzer Kayıtlar

High

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or…

Low

CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can expl…

Medium

CVE-2025-50420

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via…

Medium

CVE-2025-43903

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting…

Medium

CVE-2025-32365

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in…

Medium

CVE-2025-32364

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash whe…