CVE-2025-46205Use After Free in Project Podofo

CWE-416Use After Free4 documents4 sources
Severity
8.1HIGHNVD
EPSS
0.1%
top 82.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Podofo Project PodofoDebian Libpodofo
Timeline
PublishedOct 1

Description

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

NVDpodofo_project/podofo0.10.00.10.5

🔴Vulnerability Details

2
GHSA
GHSA-7q72-8f9r-v4mw: A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v02025-10-01
OSV
CVE-2025-46205: A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v02025-10-01

📋Vendor Advisories

1
Debian
CVE-2025-46205: libpodofo - A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0....2025
CVE-2025-46205 — Use After Free in Project Podofo | cvebase