PT-2025-27644 · Poppler+7

Kevin Backhouse +1 · Published 2025-06-03 · Updated 2025-11-13 · CVE-2025-52886

CVSS v4.0: 6.9 Medium

Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Poppler versions prior to 25.06.0
Description: The issue is related to the use of std::atomic_int for reference counting in the Poppler PDF rendering library. Since std::atomic_int is only 32 bits, it is possible to overflow the reference count, which can trigger a use-after-free.
Recommendations: For versions prior to 25.06.0, update to version 25.06.0 to resolve the issue.

Exploit

Fix

RCE

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2025-14450
BDU:2025-11228
CVE-2025-52886
ECHO-3D5B-8DCE-6D87
MGASA-2025-0214
OESA-2025-1955
OPENSUSE-SU-2025:15323-1
SUSE-SU-2025:02317-1
SUSE-SU-2025:02318-1
SUSE-SU-2025:02324-1
SUSE-SU-2025:02356-1
SUSE-SU-2025:02357-1
SUSE-SU-2025_02317-1
SUSE-SU-2025_02318-1
SUSE-SU-2025_02324-1
SUSE-SU-2025_02356-1
SUSE-SU-2025_02357-1
USN-7675-1
USN-7687-1

Affected Products

Alt Linux
Astra Linux
Debian
Linux Mint
Poppler
RED OS
SUSE
Ubuntu