CVE-2018-25306: PDFunite 0.41.0 Buffer Overflow via Malformed PDF

Published Apr 29, 2026
·
Updated

PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF file to the pdfunite utility.

Affected Software

2 affected components
Poppler pdfunite=0.41.0
Canonical Pdfunite=0.41.0

Event History

Apr 29, 2026
CVE Published
via MITRE·07:24 PM
Data Sourced
via MITRE·07:24 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·08:16 PM
DescriptionSeverityWeaknessAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2018-25306?

CVE-2018-25306 has a medium severity rating due to its impact on application stability when processing malformed PDF files.

2

How do I fix CVE-2018-25306?

To fix CVE-2018-25306, upgrade to an updated version of Poppler that addresses this vulnerability.

3

Who is affected by CVE-2018-25306?

CVE-2018-25306 affects users of Poppler pdfunite version 0.41.0 who utilize the application to merge PDF files.

4

What is the nature of the vulnerability in CVE-2018-25306?

CVE-2018-25306 is a buffer overflow vulnerability that can lead to a segmentation fault when processing malformed PDF files.

5

Can CVE-2018-25306 be exploited remotely?

CVE-2018-25306 requires local access to the application, as attackers must provide a malformed PDF file to exploit it.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203