CVE-2025-14410

Name of the Vulnerable Software and Affected Versions Soda PDF Desktop (affected versions not specified)

Description A flaw exists in the parsing of PDF files within Soda PDF Desktop, stemming from insufficient validation of user-supplied data. This can lead to a read past the end of an allocated object, potentially disclosing sensitive information. User interaction is required, specifically the target must open a malicious file or visit a malicious page. An attacker could potentially leverage this issue, in combination with other flaws, to execute arbitrary code within the current process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.