CVE-2025-52886

EPSS 0.02%
Veröffentlicht 02.07.2025 15:46:49
Zuletzt bearbeitet 03.07.2025 15:13:53
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerpoppler

≫

Produkt poppler

Version < 25.06.0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.039

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.5	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://securitylab.github.com/advisories/GHSL-2025-054_poppler/

https://gitlab.freedesktop.org/poppler/poppler/-/commit/04bd91684ed41d67ae0f10cde0660e4ed74ac203

https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1581

https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1828

https://nvd.nist.gov/vuln/detail/CVE-2025-52886

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-52886

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-52886

EUVD