GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886
Published Jul 1, 2025
Poppler uses std::atomic_int for reference counting. Because this counter is only 32 bits wide, it is possible to overflow the reference count and trigger a use-after-free.
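The wraparound described above, shown next to a saturating counter as one common mitigation. This is an added example, not Poppler's code or its actual fix; NaiveRef, SaturatingRef and both helper functions are hypothetical names, and the bulk fetch_add calls stand in for 2^32 individual incRef() calls.

```cpp
#include <atomic>
#include <climits>

static_assert(sizeof(int) == 4, "example assumes 32-bit int");

// Naive pattern from the advisory: a 32-bit std::atomic_int with no overflow check.
struct NaiveRef {
    std::atomic_int count{1};
    void incRef() { count.fetch_add(1); }
    bool decRef() { return count.fetch_sub(1) == 1; }  // true => caller frees
};

// Mitigation sketch: saturate at INT_MAX and never free once pinned (leak, not UAF).
struct SaturatingRef {
    std::atomic_int count{1};
    void incRef() {
        int cur = count.load();
        while (cur != INT_MAX && !count.compare_exchange_weak(cur, cur + 1)) {}
    }
    bool decRef() {
        int cur = count.load();
        while (cur != INT_MAX)
            if (count.compare_exchange_weak(cur, cur - 1)) return cur == 1;
        return false;  // pinned: object is intentionally leaked
    }
};

// One holder, then 2^32 further references taken. Atomic arithmetic wraps
// (defined behaviour), so the count is back at 1 and the next release "frees".
bool naiveFreesWhileReferenced() {
    NaiveRef r;
    r.count.fetch_add(INT_MAX);  // bulk stand-in for 2^32 incRef() calls:
    r.count.fetch_add(INT_MAX);  // INT_MAX + INT_MAX + 2 == 2^32
    r.count.fetch_add(2);
    return r.decRef();
}

// Same pressure on the saturating counter: it pins at INT_MAX and never frees.
bool saturatingFreesWhileReferenced() {
    SaturatingRef r;
    r.count.store(INT_MAX - 1);  // state after INT_MAX - 2 extra incRef() calls
    for (int i = 0; i < 3; ++i) r.incRef();
    bool freed = false;
    for (int i = 0; i < 5; ++i) freed = r.decRef() || freed;
    return freed;
}

int main() { return (naiveFreesWhileReferenced() && !saturatingFreesWhileReferenced()) ? 0 : 1; }
```

Widening the counter to 64 bits is the other usual option; saturation trades a bounded memory leak for never releasing an object that is still referenced.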
Affected Software
1 affected component
Poppler Poppler
Event History
Jul 1, 2025, 12:00 AM: Advisory Published (via GitHub Security Lab)
Jul 1, 2025, 12:00 AM: Data Sourced (via GitHub Security Lab)
Frequently Asked Questions
1. What is the severity of GHSL-2025-054?
The severity is rated as 50, indicating a significant risk associated with the vulnerability.
2. How do I fix GHSL-2025-054?
To fix GHSL-2025-054, you should update Poppler to the latest version where the vulnerability has been addressed.
3. What type of vulnerability is GHSL-2025-054?
GHSL-2025-054 is classified as a Use After Free (UAF) vulnerability due to integer overflow in reference counting.
4. What software is affected by GHSL-2025-054?
The vulnerability GHSL-2025-054 affects Poppler, a popular PDF rendering library.
5. What are the implications of GHSL-2025-054?
The implications of GHSL-2025-054 include potential exploitation leading to memory corruption and possible arbitrary code execution.