CVE-2025-52885

CVSS v4.0

6.1

Medium

Vector

AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions Poppler versions prior to 25.10.0

Description Poppler is a library used for rendering PDF files and modifying their structure. A use-after-free (write) issue exists due to the use of raw pointers to elements within a std::vector in the StructTreeRoot class. This can result in dangling pointers when the vector is resized. The vulnerability originates from how refToParentMap stores references to std::vector elements using raw pointers, which become invalid upon vector resizing. A std::vector reallocates memory and moves elements when it reaches capacity, invalidating any previously stored raw pointers to those elements.

Recommendations Update to Poppler version 25.10.0 or later.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-02906

CVE-2025-52885

ECHO-7D56-AB20-1EBD

MGASA-2025-0251

OESA-2025-2479

OESA-2025-2480

OESA-2025-2481

OESA-2025-2482

OESA-2025-2483

OESA-2025-2484

OPENSUSE-SU-2025:15648-1

OPENSUSE-SU-2025:20068-1

RHSA-2026:7364

SUSE-SU-2025:21132-1

SUSE-SU-2025:3779-1

SUSE-SU-2025:3900-1

SUSE-SU-2025:3910-1

SUSE-SU-2025_21132-1

USN-7858-1

Affected Products

Debian

Linuxmint

Poppler

Suse

Ubuntu

CVE-2025-52885

Weakness Enumeration

Related Identifiers

Affected Products

References · 55