CVE-2025-52885
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-10

Last updated on: 2025-11-04

Assigner: GitHub, Inc.

Description
Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, which can lead to dangling pointers when the vector is resized. The vulnerability stems from the way that refToParentMap stores references to `std::vector` elements using raw pointers. These pointers may become invalid when the vector is resized. This vulnerability is a common security problem involving the use of raw pointers to `std::vectors`. Internally, `std::vector `stores its elements in a dynamically allocated array. When the array reaches its capacity and a new element is added, the vector reallocates a larger block of memory and moves all the existing elements to the new location. At this point if any pointers to elements are stored before a resize occurs, they become dangling pointers once the reallocation happens. Version 25.10.0 contains a patch for the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-10
Last Modified
2025-11-04
Generated
2026-05-07
AI Q&A
2025-10-11
EPSS Evaluated
2026-05-05
NVD
CVE-2025-52885
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
poppler poppler *
poppler poppler 25.02.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a use-after-free issue in the Poppler library versions prior to 25.10.0. It occurs in the StructTreeRoot class due to the use of raw pointers to elements of a std::vector. When the vector resizes, these raw pointers become dangling pointers because the vector reallocates memory and moves its elements, invalidating the stored pointers. This can lead to memory corruption or crashes. The problem arises from how refToParentMap stores references using raw pointers, which become invalid after vector resizing. Version 25.10.0 includes a patch that fixes this issue.


How can this vulnerability impact me? :

This vulnerability can lead to memory corruption or crashes when processing PDF files using the affected Poppler versions. Exploiting this use-after-free flaw could potentially allow an attacker to execute arbitrary code or cause denial of service by triggering invalid memory access during PDF rendering or manipulation.


What immediate steps should I take to mitigate this vulnerability?

Update Poppler to version 25.10.0 or later, as this version contains a patch that fixes the use-after-free vulnerability in the StructTreeRoot class.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart