We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-52886

Poppler Use After Free Vulnerability



Description

Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.

Reserved 2025-06-20 | Published 2025-07-02 | Updated 2025-07-02 | Assigner GitHub_M


MEDIUM: 5.5CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-416: Use After Free

Product status

< 25.06.0
affected

References

securitylab.github.com/advisories/GHSL-2025-054_poppler/

gitlab.freedesktop.org/...684ed41d67ae0f10cde0660e4ed74ac203

gitlab.freedesktop.org/...fcc8486de38e8905a8d6547a3464ff46e5

gitlab.freedesktop.org/poppler/poppler/-/issues/1581

gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1828

cve.org (CVE-2025-52886)

nvd.nist.gov (CVE-2025-52886)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-52886

Support options

Helpdesk Chat, Email, Knowledgebase