What is the CVSS score of CVE-2025-32364?

CVE-2025-32364 has a CVSS 3.1 base score of 4.0 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.1%.

Which versions of Poppler are affected by CVE-2025-32364?

CVE-2025-32364 presents moderate security risk, a integer overflow vulnerability rated CVSS 4.0. Exploitation could cause memory corruption or application crashes.. A patch is available.

Is there a public PoC exploit available for CVE-2025-32364?

Yes, a public proof-of-concept exploit is available for CVE-2025-32364. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-32364?

During next maintenance window: Identify affected systems and apply vendor patches when convenient. Vendor patch is available.

Poppler CVE-2025-32364

MEDIUM

Integer Overflow or Wraparound (CWE-190)

2025-04-05 cve@mitre.org

Denial Of Service Integer Overflow Red Hat Poppler Suse

4.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:35 vuln.today

Patch released

Mar 28, 2026 - 18:35 nvd

Patch available

PoC Detected

Nov 03, 2025 - 20:18 vuln.today

Public exploit code

CVE Published

Apr 05, 2025 - 22:15 nvd

MEDIUM 4.0

DescriptionNVD

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.

AnalysisAI

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. Affected products include: Freedesktop Poppler. Version information: before 25.04.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.