CVE-2025-32364
published 2025-04-05CVE-2025-32364: A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated…
PriorityP415medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
EPSS
0.22%
12.0th percentile
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 22.12.0-2+deb12u1 (bookworm) | poppler 22.12.0-2+deb12u1 (bookworm) |
| freedesktop | poppler | < 25.04.0 | 25.04.0 |
| freedesktop | poppler | >= 0 < 20.09.0-3.1+deb11u2 | 20.09.0-3.1+deb11u2 |
| freedesktop | poppler | >= 0 < 22.12.0-2+deb12u1 | 22.12.0-2+deb12u1 |
| freedesktop | poppler | >= 0 < 25.03.0-3 | 25.03.0-3 |
| freedesktop | poppler | >= 0 < 25.03.0-3 | 25.03.0-3 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM
vendor_debian4.0MEDIUM
vendor_redhat4.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
poppler vulnerabilities
vendor_ubuntu·2025-04-09
CVE-2025-32365 poppler vulnerabilities
Title: poppler vulnerabilities
Summary: poppler could be made to crash if it opened a specially crafted PDF file.
USN-7426-1 fixed several vulnerabilities in poppler. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that poppler incorrectly handled memory when opening
certain PDF files. An attacker could possibly use this issue to cause
poppler to crash, resulting in a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
poppler vulnerabilities
vendor_ubuntu·2025-04-08
CVE-2025-32365 poppler vulnerabilities
Title: poppler vulnerabilities
Summary: poppler could be made to crash if it opened a specially crafted PDF file.
It was discovered that poppler incorrectly handled memory when opening
certain PDF files. An attacker could possibly use this issue to cause
poppler to crash, resulting in a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
poppler: Floating-Point Exception in Poppler
vendor_redhat·2025-04-05·CVSS 4.0
CVE-2025-32364 [MEDIUM] CWE-190 poppler: Floating-Point Exception in Poppler
poppler: Floating-Point Exception in Poppler
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.
A flaw was found in Poppler. This vulnerability allows a denial of service (application crash) via malformed input that triggers a floating-point exception involving INT_MIN.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: poppler (Red Hat Enterprise Linux 10) - Fix deferred
Package: poppler (Red Hat Enterprise Linux 6) - Out of support scope
Package: compat-poppler0
Debian
CVE-2025-32364: poppler - A floating-point exception in the PSStack::roll function of Poppler before 25.04...
vendor_debian·2025·CVSS 4.0
CVE-2025-32364 [MEDIUM] CVE-2025-32364: poppler - A floating-point exception in the PSStack::roll function of Poppler before 25.04...
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.
Scope: local
bookworm: resolved (fixed in 22.12.0-2+deb12u1)
bullseye: resolved (fixed in 20.09.0-3.1+deb11u2)
forky: resolved (fixed in 25.03.0-3)
sid: resolved (fixed in 25.03.0-3)
trixie: resolved (fixed in 25.03.0-3)
GHSA
GHSA-69gq-2xc5-f33j: A floating-point exception in the PSStack::roll function of Poppler before 25
ghsa_unreviewed·2025-04-07
CVE-2025-32364 [MEDIUM] CWE-190 GHSA-69gq-2xc5-f33j: A floating-point exception in the PSStack::roll function of Poppler before 25
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.
OSV
CVE-2025-32364: A floating-point exception in the PSStack::roll function of Poppler before 25
osv·2025-04-05·CVSS 5.5
CVE-2025-32364 [MEDIUM] CVE-2025-32364: A floating-point exception in the PSStack::roll function of Poppler before 25
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-04-05
Published