Poppler up to 25.04.0 std::atomic_int use after free

Summaryinfo

A vulnerability was found in Poppler. It has been rated as critical. Affected is the function std::atomic_int. Performing a manipulation results in use after free. This vulnerability was named CVE-2025-52886. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

Detailsinfo

A vulnerability, which was classified as critical, was found in Poppler. This affects the function std::atomic_int. The manipulation with an unknown input leads to a use after free vulnerability. CWE is classifying the issue as CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. This is going to have an impact on availability. The summary by CVE is:

Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.

It is possible to read the advisory at securitylab.github.com. This vulnerability is uniquely identified as CVE-2025-52886 since 06/20/2025. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. It demands that the victim is doing some kind of user interaction. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 242156 (SUSE SLES12 Security Update : poppler (SUSE-SU-2025:02317-1)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 25.06.0 eliminates this vulnerability. Applying the patch 04bd91684ed41d67ae0f10cde0660e4ed74ac203 is able to eliminate this problem. The bugfix is ready for download at gitlab.freedesktop.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (242156) and EUVD (EUVD-2025-19742). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Document Reader Software

Name

• Poppler

Version

• 0.1
• 0.1.1
• 0.1.2
• 0.2.0
• 0.3.0
• 0.3.1
• 0.3.2
• 0.3.3
• 0.4.0
• 0.4.1
• 0.4.2
• 0.4.3
• 0.4.4
• 0.5.0
• 0.5.1
• 0.5.2
• 0.5.3
• 0.5.4
• 0.5.9
• 0.5.90
• 0.5.91
• 0.6.0
• 0.6.1
• 0.6.2
• 0.6.3
• 0.6.4
• 0.7.0
• 0.7.1
• 0.7.2
• 0.7.3
• 0.8.0
• 0.8.4
• 0.8.7
• 0.9.0
• 0.9.1
• 0.9.2
• 0.9.3
• 0.10.0
• 0.10.1
• 0.10.2
• 0.10.3
• 0.10.4
• 0.10.5
• 0.10.6
• 0.10.7
• 0.11.0
• 0.11.1
• 0.11.2
• 0.11.3
• 0.12.0
• 0.12.1
• 0.12.2
• 0.12.3
• 0.12.4
• 0.13.0
• 0.13.1
• 0.13.2
• 0.13.3
• 0.13.4
• 0.14.0
• 0.14.1
• 0.14.2
• 0.14.3
• 0.14.4
• 0.14.5
• 0.15.0
• 0.15.1
• 0.16.3
• 0.17.3
• 0.21.4
• 0.22.0
• 0.24.0
• 0.24.1
• 0.24.2
• 0.24.3
• 0.24.5
• 0.40.0
• 0.53.0
• 0.54.0
• 0.56
• 0.59.0
• 0.68.0
• 0.70.0
• 0.71.0
• 0.72.0
• 0.73.0
• 0.74.0
• 0.75.0
• 0.76.0
• 0.89.0
• 20.12.1
• 22.03.0
• 22.07.0
• 22.08.0
• 23.06.0
• 25.04.0

License

• open-source

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion