Bug#1117853: poppler: CVE-2025-52885
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 11 20:03:35 BST 2025
Source: poppler
Version: 25.03.0-10
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for poppler.
CVE-2025-52885[0]:
| Poppler ia a library for rendering PDF files, and examining or
| modifying their structure. A use-after-free (write) vulnerability
| has been detected in versions Poppler prior to 25.10.0 within the
| StructTreeRoot class. The issue arises from the use of raw pointers
| to elements of a `std::vector`, which can lead to dangling pointers
| when the vector is resized. The vulnerability stems from the way
| that refToParentMap stores references to `std::vector` elements
| using raw pointers. These pointers may become invalid when the
| vector is resized. This vulnerability is a common security problem
| involving the use of raw pointers to `std::vectors`. Internally,
| `std::vector `stores its elements in a dynamically allocated array.
| When the array reaches its capacity and a new element is added, the
| vector reallocates a larger block of memory and moves all the
| existing elements to the new location. At this point if any pointers
| to elements are stored before a resize occurs, they become dangling
| pointers once the reallocation happens. Version 25.10.0 contains a
| patch for the issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-52885
https://www.cve.org/CVERecord?id=CVE-2025-52885
[1] https://securitylab.github.com/advisories/GHSL-2025-042_poppler/
[2] https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1884
[3] https://gitlab.freedesktop.org/poppler/poppler/-/commit/4ce27cc826bf90cc8dbbd8a8c87bd913cccd7ec0
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-freedesktop-maintainers
mailing list