CVE-2025-14408

Name of the Vulnerable Software and Affected Versions Soda PDF Desktop (affected versions not specified)

Description A flaw exists in the parsing of PDF files within Soda PDF Desktop due to insufficient validation of user-supplied data. This can lead to a read past the end of an allocated object, potentially disclosing sensitive information. User interaction is required, such as visiting a malicious page or opening a malicious file, to trigger this issue. An attacker could potentially leverage this in combination with other issues to execute arbitrary code within the current process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.