CVE-2025-52886

Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.freedesktop.org/poppler/poppler/-/commit/04bd91684ed41d67ae0f10cde0660e4ed74ac203	Patch
https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5	Patch
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1581	Exploit Issue Tracking Vendor Advisory
https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1828	Product
https://securitylab.github.com/advisories/GHSL-2025-054_poppler/	Exploit Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/07/11/5
http://www.openwall.com/lists/oss-security/2025/07/12/1

Configurations

Configuration 1 (hide)

cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*

History

04 Nov 2025, 22:16

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/07/11/5 - () http://www.openwall.com/lists/oss-security/2025/07/12/1 -

10 Oct 2025, 19:52

Type	Values Removed	Values Added
References	~~() https://gitlab.freedesktop.org/poppler/poppler/-/commit/04bd91684ed41d67ae0f10cde0660e4ed74ac203 -~~	() https://gitlab.freedesktop.org/poppler/poppler/-/commit/04bd91684ed41d67ae0f10cde0660e4ed74ac203 - Patch
References	~~() https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5 -~~	() https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5 - Patch
References	~~() https://gitlab.freedesktop.org/poppler/poppler/-/issues/1581 -~~	() https://gitlab.freedesktop.org/poppler/poppler/-/issues/1581 - Exploit, Issue Tracking, Vendor Advisory
References	~~() https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1828 -~~	() https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1828 - Product
References	~~() https://securitylab.github.com/advisories/GHSL-2025-054_poppler/ -~~	() https://securitylab.github.com/advisories/GHSL-2025-054_poppler/ - Exploit, Third Party Advisory
First Time		Freedesktop poppler Freedesktop
CPE		cpe:2.3:a:freedesktop:poppler::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9

03 Jul 2025, 15:13

Type	Values Removed	Values Added
Summary		(es) Poppler es una librería de renderizado de PDF. Las versiones anteriores a la 25.06.0 utilizan `std::atomic_int` para el recuento de referencias. Dado que `std::atomic_int` solo tiene 32 bits, es posible que se sobrepase el recuento de referencias y se active un proceso de use-after-free. La versión 25.06.0 corrige este problema.

02 Jul 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-02 16:15

Updated : 2025-11-04 22:16

NVD link : CVE-2025-52886

Mitre link : CVE-2025-52886

CVE.ORG link : CVE-2025-52886

JSON object : View

Products Affected

freedesktop

poppler

CWE

CWE-416

Use After Free

5.9 /10