EUVD-2025-19742
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5Description
Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.
Analysis
Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomic_int for reference counting. Because std::atomic_int is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.
Technical Context
A use-after-free vulnerability occurs when a program continues to use a pointer after the referenced memory has been freed, leading to undefined behavior. This vulnerability is classified as Use After Free (CWE-416).
Affected Products
Affected products: Freedesktop Poppler
Remediation
A vendor patch is available — apply it immediately. Use memory-safe languages. Implement proper object lifecycle management. Use static and dynamic analysis tools to detect UAF patterns.
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| oracular | ignored | end of life, was needs-triage |
| upstream | released | 25.06.0 |
| jammy | released | 22.02.0-2ubuntu0.9 |
| noble | released | 24.02.0-1ubuntu9.5 |
| plucky | released | 25.03.0-3ubuntu1.1 |
| bionic | released | 0.62.0-2ubuntu2.14+esm7 |
| focal | released | 0.86.1-0ubuntu1.7+esm1 |
| xenial | released | 0.41.0-0ubuntu1.16+esm7 |
Debian
Bug #1108784| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 20.09.0-3.1+deb11u1 | - |
| bullseye (security) | vulnerable | 20.09.0-3.1+deb11u2 | - |
| bookworm | vulnerable | 22.12.0-2+deb12u1 | - |
| trixie | fixed | 25.03.0-5+deb13u2 | - |
| forky, sid | fixed | 25.03.0-11.1 | - |
| (unstable) | fixed | 25.03.0-5 | - |
Share
External POC / Exploit Code
Leaving vuln.today