CVE-2025-9394
BaseFortify

Publication date: 2025-08-24

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in PoDoFo 1.1.0-dev. It affects the function PdfTokenizer::DetermineDataType in the file src/podofo/main/PdfTokenizer.cpp, part of the PDF Dictionary Parser component. Manipulation can lead to a use after free. The attack can be launched on the local host. The exploit has been published and may be used. The patch is identified as 22d16cb142f293bf956f66a4d399cdd65576d36c and should be applied to remediate this issue.
Meta Information
Published: 2025-08-24
Last Modified: 2026-04-29
Generated: 2026-05-06
AI Q&A: 2025-08-24
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
podofo_project | podofo | 1.1.0
CWE ID | Description
CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for crashes or abnormal behavior in applications that use the PoDoFo PDF library, especially the podofoencrypt tool, when they process PDF files. Since the vulnerability is triggered by malformed PDF files with specific dictionary structures, fuzz testing PDF inputs or using AddressSanitizer-enabled builds of PoDoFo to detect heap-use-after-free errors can help identify the issue. There are no specific network commands provided, but locally, running podofoencrypt on suspicious or crafted PDF files and observing for SIGABRT crashes or memory errors can indicate the presence of the vulnerability. [2, 5]
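
An added example, not part of the original page or of PoDoFo: a Python triage script that reads AddressSanitizer reports collected from an ASan-enabled PoDoFo build and flags heap-use-after-free reports whose stack contains PdfTokenizer::DetermineDataType. The sample reports are constructed, and matching the function in either the access stack or the free stack is an assumption.

```python
import re

TARGET = "PdfTokenizer::DetermineDataType"  # function named in the advisory
ERROR_RE = re.compile(r"^==\d+==ERROR: AddressSanitizer: (\S+)")
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-fA-F]+ in (.+)$")
SECTIONS = (("READ of size", "access"), ("WRITE of size", "access"),
            ("freed by thread", "free"), ("previously allocated by thread", "alloc"))

def parse_report(report):
    """Split one ASan report into its error type and per-section stack frames."""
    error, section, stacks = None, None, {}
    for line in report.splitlines():
        if m := ERROR_RE.match(line):
            error = m.group(1)
        elif hit := [name for prefix, name in SECTIONS if line.startswith(prefix)]:
            section = hit[0]
        elif (m := FRAME_RE.match(line)) and section:
            stacks.setdefault(section, []).append(m.group(1))
        elif not line.strip():
            section = None  # a blank line ends the current stack
    return error, stacks

def matches_cve_2025_9394(report):
    """True for a heap-use-after-free whose access or free stack hits TARGET."""
    error, stacks = parse_report(report)
    frames = stacks.get("access", []) + stacks.get("free", [])
    return error == "heap-use-after-free" and any(TARGET in f for f in frames)

# Constructed reports: PIDs, addresses and every frame are placeholders,
# not output captured from a real PoDoFo run.
UAF_IN_TOKENIZER = """\
==1111==ERROR: AddressSanitizer: heap-use-after-free on address 0x000000000010 at pc 0x000000000001 bp 0x000000000002 sp 0x000000000003
READ of size 8 at 0x000000000010 thread T0
    #0 0x000000000001 in PoDoFo::PdfTokenizer::DetermineDataType
    #1 0x000000000004 in main

freed by thread T0 here:
    #0 0x000000000005 in operator delete(void*)
"""
OTHER_CRASH = """\
==2222==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x000000000020 at pc 0x000000000001 bp 0x000000000002 sp 0x000000000003
READ of size 1 at 0x000000000020 thread T0
    #0 0x000000000001 in example_unrelated_function
"""

if __name__ == "__main__":
    for name, text in (("uaf", UAF_IN_TOKENIZER), ("other", OTHER_CRASH)):
        print(name, matches_cve_2025_9394(text))
```

Reports that do not match still deserve review; the filter only separates crashes consistent with this advisory from other memory errors found in the same run.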


Can you explain this vulnerability to me?

CVE-2025-9394 is a use-after-free vulnerability in the PoDoFo PDF library, specifically in the PdfTokenizer component responsible for parsing PDF dictionary structures. The flaw occurs because the parser mishandles memory management of PdfName objects during dictionary parsing, prematurely freeing memory that is still accessed later. This happens due to improper shared pointer reference counting of internal NameData objects. Additionally, the vulnerability can be triggered by malformed PDFs with deeply nested dictionaries causing stack exhaustion and heap corruption. Exploiting this flaw can lead to program crashes, memory corruption, and potentially arbitrary code execution. [1, 2, 3, 4, 5]


How can this vulnerability impact me?

This vulnerability can cause heap corruption and program crashes when processing specially crafted malformed PDF files. Because it is a use-after-free flaw, it may also enable attackers to execute arbitrary code within the PoDoFo PDF parsing engine. The impact affects confidentiality, integrity, and availability of the affected system. The attack requires local access and can be triggered via tools like podofoencrypt. Without applying the patch, systems using vulnerable PoDoFo versions are at risk of exploitation leading to unexpected behavior or compromise. [2, 3, 5]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to apply the patch identified by commit 22d16cb142f293bf956f66a4d399cdd65576d36c available on the PoDoFo GitHub repository. This patch fixes the use-after-free by improving error handling in the PdfTokenizer::DetermineDataType function. Additionally, avoid processing untrusted or malformed PDF files with vulnerable versions of PoDoFo, and consider updating to a fixed version once available. Limiting local access to systems running vulnerable PoDoFo versions can also reduce risk. [1, 3]

