Description

Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.

INFO

Published Date :

2025-07-02T15:46:49.733Z

Last Modified :

2025-07-02T15:59:16.924Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-52886 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-52886.

URL Resource
https://gitlab.freedesktop.org/poppler/poppler/-/commit/04bd91684ed41d67ae0f10cde0660e4ed74ac203 cve-icon cve-icon cve-icon
https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5 cve-icon cve-icon cve-icon
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1581 cve-icon cve-icon cve-icon
https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1828 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-52886 cve-icon
https://securitylab.github.com/advisories/GHSL-2025-054_poppler/ cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-52886 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact