GHSL-2025-042: Use After Free (UAF) in Poppler - CVE-2025-52885
Published Oct 10, 2025
A use-after-free (write) vulnerability has been detected in Poppler within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a std::vector, which can lead to dangling pointers when the vector is resized.
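The bug class described above, as an added illustration that is not Poppler's code: `Node`, `addNodeRaw`, `addNodeIdx` and the other names are hypothetical. It shows that a raw pointer into a std::vector no longer refers to the vector's storage once growth reallocates it, and that holding an index instead keeps later writes inside live memory.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for a tree element; not Poppler's type.
struct Node {
    int id;
    int parentSlot;
};

// Risky pattern: hands out a raw pointer into the vector's storage.
Node *addNodeRaw(std::vector<Node> &nodes, int id) {
    nodes.push_back({id, -1});
    return &nodes.back();
}

// Hardened pattern: hands out an index that is resolved at each use.
std::size_t addNodeIdx(std::vector<Node> &nodes, int id) {
    nodes.push_back({id, -1});
    return nodes.size() - 1;
}

// True when growth moved the storage, so a pointer taken earlier dangles.
// Only saved addresses are compared; the stale pointer is never dereferenced.
bool rawPointerInvalidated() {
    std::vector<Node> nodes;
    auto before = reinterpret_cast<std::uintptr_t>(addNodeRaw(nodes, 1));
    const std::size_t cap = nodes.capacity();
    while (nodes.capacity() == cap) addNodeRaw(nodes, 0); // force a reallocation
    return before != reinterpret_cast<std::uintptr_t>(nodes.data());
}

// Same growth, but the write goes through an index into the current storage.
int writeViaIndex() {
    std::vector<Node> nodes;
    const std::size_t first = addNodeIdx(nodes, 1);
    for (int i = 0; i < 1000; ++i) addNodeIdx(nodes, 0);
    nodes[first].parentSlot = 7;
    return nodes[0].parentSlot;
}

int main() {
    std::printf("raw pointer invalidated by growth: %d\n", rawPointerInvalidated());
    std::printf("write through index landed in live element: %d\n", writeViaIndex());
    return 0;
}
```

Other ways to keep element addresses stable are reserving the full capacity before taking pointers or storing the elements behind std::unique_ptr.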
Affected Software
1 affected component
Poppler Poppler
Event History
Oct 10, 2025
Advisory Published
via GitHub Security Lab·12:00 AM
Data Sourced
via GitHub Security Lab·12:00 AM
Frequently Asked Questions
1. What is the severity of GHSL-2025-042?
The severity of GHSL-2025-042 is assessed as 55.
2. How do I fix GHSL-2025-042?
To fix GHSL-2025-042, update to the patched version of Poppler that addresses the use-after-free vulnerability.
3. What is the impact of GHSL-2025-042?
GHSL-2025-042 can lead to potential memory corruption, crashes, or even arbitrary code execution.
4. Which class is affected by GHSL-2025-042?
The StructTreeRoot class in Poppler is affected by GHSL-2025-042.
5. What causes GHSL-2025-042?
GHSL-2025-042 is caused by the use of raw pointers to elements of a std::vector, leading to dangling pointers when the vector is resized.