CVE-2025-50422: Low severity Cairo Cairo vulnerability
Published Aug 4, 2025
Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.
Affected Software
2 affected components
Cairo Cairo <= 1.18.4
Poppler Poppler <= 25.08.0
Event History
Aug 4, 2025
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description · Severity · Weakness
Data Sourced
via NVD·05:15 PM
Description · Severity · Weakness
Frequently Asked Questions
1. What is the severity of CVE-2025-50422?
CVE-2025-50422 has a high severity rating due to its potential for exposing sensitive PDF content.
2. How do I fix CVE-2025-50422?
To fix CVE-2025-50422, update to the latest version of Freedesktop poppler where the issue has been addressed.
3. What type of vulnerability is CVE-2025-50422?
CVE-2025-50422 is a memory management vulnerability that allows sensitive data exposure.
4. Who is affected by CVE-2025-50422?
CVE-2025-50422 affects users of Freedesktop poppler v25.04.0 and possibly earlier versions.
5. How can attackers exploit CVE-2025-50422?
Attackers can exploit CVE-2025-50422 by performing a memory dump after the program exits to retrieve sensitive PDF stream objects.