2 files changed +28 -0 lines changed
SecurityExploits/freedesktop/poppler-CVE-2025-52885
1+ # Proof of concept for poppler CVE-2025 -52885
2+
3+ CVE-2025 -52885 is a use-after-free vulnerability in
4+ [ poppler] ( https://gitlab.freedesktop.org/poppler ) . The bug is in
5+ [ StructTreeRoot.cc] ( https://gitlab.freedesktop.org/poppler/poppler/-/blob/2a3135888b6079f0a9fd6410ff65351482087b50/poppler/StructTreeRoot.cc ) . As
6+ far as we know, this code is only used when one of poppler's command
7+ line tools is run with a non-default command line option, so the
8+ vulnerability does not affect the most common uses of poppler.
9+
10+ This directory contains a poc which triggers the bug. To run it:
11+
12+ ``` bash
13+ pdfinfo -struct bug.pdf
14+ ```
15+
16+ In our testing, this causes ` pdfinfo ` to crash with the following error message:
17+
18+ ```
19+ free(): invalid next size (fast)
20+ Aborted
21+ ```
22+
23+ ## Links:
24+
25+ * https://gitlab.freedesktop.org/poppler/poppler/-/issues/1580
26+ * https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1884
27+ * https://securitylab.github.com/advisories/GHSL-2025-042_poppler/
28+ * https://www.openwall.com/lists/oss-security/2025/10/13/2
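Review bot: The exposure statement on lines 5-8 says the code is reached only with "a non-default command line option" but never names it, so a reader has to infer from line 13 that the option is `-struct` on `pdfinfo`. Naming the option (and any other tools that reach StructTreeRoot.cc, if known) in that paragraph would let readers check their own invocations. The README also does not say which poppler version or commit the crash on lines 19-20 was observed with, or which release contains the fix; the only version hint is the commit hash pinned in the StructTreeRoot.cc link, so a short "tested on / fixed in" line would help. Minor style point: the heading on line 23 has a trailing colon ("## Links:") that can be dropped.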