CVE-2025-52885
published 2025-10-10
Priority P4 · 27 · medium 6.1 · CVSS 4.0
EPSS: 0.16% (5.1th percentile)
Poppler is a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in Poppler versions prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, which can lead to dangling pointers when the vector is resized. Specifically, refToParentMap stores references to `std::vector` elements using raw pointers, and these pointers may become invalid when the vector is resized. This is a common security problem involving raw pointers to `std::vector` elements. Internally, `std::vector` stores its elements in a dynamically allocated array. When the array reaches its capacity and a new element is added, the vector reallocates a larger block of memory and moves all the existing elements to the new location. Any pointers to elements that were stored before the resize become dangling pointers once the reallocation happens. Version 25.10.0 contains a patch for the issue.
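The reallocation behaviour described above, as an added C++ example that is not Poppler's code and does not reproduce its patch: every name here (`Parent`, `refToAddr`, `refToIndex`, the ref key 7) is hypothetical, and storing an index instead of an address is shown as one common remedy for this bug class, not as the change made in 25.10.0.

```cpp
// Added illustration of the bug class; not Poppler source. All names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>

struct Parent { int element = 0; };

// Fill v to capacity so that the next push_back must reallocate.
static void fill_to_capacity(std::vector<Parent> &v) {
    v.reserve(4);
    while (v.size() < v.capacity()) v.push_back(Parent{});
}

// Unsafe pattern: a side map remembers where a vector element lives.
// The address is kept as an integer so this demo never touches freed memory;
// with a real Parent* the later write would be the use-after-free.
bool cached_address_goes_stale() {
    std::vector<Parent> parents;
    fill_to_capacity(parents);
    std::map<int, std::uintptr_t> refToAddr;   // stands in for map<ref, Parent*>
    refToAddr[7] = reinterpret_cast<std::uintptr_t>(&parents[0]);
    parents.push_back(Parent{});               // exceeds capacity: elements move
    return refToAddr[7] != reinterpret_cast<std::uintptr_t>(&parents[0]);
}

// Safer pattern: remember the index and resolve it at the point of use.
int write_through_index() {
    std::vector<Parent> parents;
    fill_to_capacity(parents);
    std::map<int, std::size_t> refToIndex;
    refToIndex[7] = 0;
    parents.push_back(Parent{});               // reallocation is harmless here
    parents.at(refToIndex[7]).element = 42;    // bounds-checked, always current
    return parents[0].element;
}

int main() {
    std::printf("cached address stale after growth: %s\n",
                cached_address_goes_stale() ? "yes" : "no");
    std::printf("value written via index: %d\n", write_through_index());
    return 0;
}
```

Building code that follows the unsafe pattern with AddressSanitizer (`-fsanitize=address`) reports the stale write as a heap-use-after-free, which is a practical way to confirm whether a local build is affected by this kind of defect.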
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 25.03.0-11.1 (forky) | poppler 25.03.0-11.1 (forky) |
| freedesktop | poppler | >= 0 < 25.03.0-11.1 | 25.03.0-11.1 |
| linux | linux_kernel | >= 0 < 4.15.0-240.252 | 4.15.0-240.252 |
| poppler | poppler | < 25.10.0 | 25.10.0 |
CVSS provenance
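| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v4.0 | 6.1 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 6.1 | MEDIUM | |
| vendor_redhat | | 6.1 | MEDIUM | |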
OSV
CVE-2025-52885: Poppler is a library for rendering PDF files, and examining or modifying their structure
osv·2025-10-10·CVSS 6.1
OSV
linux-oracle vulnerabilities
osv·2025-08-13·CVSS 7.8
CVE-2025-37797 linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Device tree and open firmware driver;
- SCSI subsystem;
- TTY drivers;
- Ext4 file system;
- SMB network file system;
- Bluetooth subsystem;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2025-37797, CVE-2024-49950, CVE-2024-56748, CVE-2023-52975,
CVE-2024-50073, CVE-2023-52885, CVE-2023-52757, CVE-2024-38541,
CVE-2024-53239, CVE-2024-49883)
OSV
linux-aws-fips, linux-azure-fips, linux-fips, linux-gcp-fips vulnerabilities
osv·2025-08-05·CVSS 7.8
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Device tree and open firmware driver;
- SCSI subsystem;
- TTY drivers;
- Ext4 file system;
- SMB network file system;
- Bluetooth subsystem;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2023-52975, CVE-2024-56748, CVE-2023-52885, CVE-2025-37797,
CVE-2024-50073, CVE-2024-49950, CVE-2024-49883, CVE-2024-38541,
CVE-2023-52757, CVE-2024-53239)
OSV
linux-azure vulnerabilities
osv·2025-08-05·CVSS 7.8
CVE-2023-52975 linux-azure vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Device tree and open firmware driver;
- SCSI subsystem;
- TTY drivers;
- Ext4 file system;
- SMB network file system;
- Bluetooth subsystem;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2023-52975, CVE-2024-38541, CVE-2024-50073, CVE-2024-53239,
CVE-2023-52757, CVE-2024-49883, CVE-2025-37797, CVE-2023-52885,
CVE-2024-49950, CVE-2024-56748)
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm vulnerabilities
osv·2025-08-05·CVSS 7.8
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Device tree and open firmware driver;
- SCSI subsystem;
- TTY drivers;
- Ext4 file system;
- SMB network file system;
- Bluetooth subsystem;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-53239, CVE-2023-52975, CVE-2024-38541, CVE-2023-52885,
CVE-2024-49883, CVE-2025-37797, CVE-2023-52757, CVE-2024-56748,
CVE-2024-49950, CVE-2024-50073)
OSV
linux-oracle vulnerabilities
osv·2025-08-05·CVSS 7.8
CVE-2024-38541 linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Device tree and open firmware driver;
- SCSI subsystem;
- TTY drivers;
- Ext4 file system;
- SMB network file system;
- Bluetooth subsystem;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-38541, CVE-2024-49883, CVE-2023-52757, CVE-2024-49950,
CVE-2024-53239, CVE-2023-52885, CVE-2024-56748, CVE-2023-52975,
CVE-2024-50073, CVE-2025-37797)
Ubuntu
poppler vulnerability
vendor_ubuntu·2025-11-05
CVE-2025-52885 poppler vulnerability
Title: poppler vulnerability
Summary: poppler could be made to crash if it opened a specially crafted file.
It was discovered that poppler incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a crash.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
poppler: Use-After-Free in StructTreeRoot class
vendor_redhat·2025-10-10·CVSS 6.1
CVE-2025-52885 [MEDIUM] CWE-416 poppler: Use-After-Free in StructTreeRoot class
Debian
CVE-2025-52885: poppler - Poppler is a library for rendering PDF files, and examining or modifying their s...
vendor_debian·2025·CVSS 6.1
No detection rules found.
No public exploits indexed.