{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-52885","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-06-20T17:42:25.708Z","datePublished":"2025-10-10T22:11:20.494Z","dateUpdated":"2025-11-04T21:11:41.075Z"},"containers":{"cna":{"title":"GHSL-2025-042: Poppler has Use-After-Free","problemTypes":[{"descriptions":[{"cweId":"CWE-416","lang":"en","description":"CWE-416: Use After Free","type":"CWE"}]}],"metrics":[{"cvssV4_0":{"attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U","version":"4.0"}}],"references":[{"name":"https://securitylab.github.com/advisories/GHSL-2025-042_poppler/","tags":["x_refsource_CONFIRM"],"url":"https://securitylab.github.com/advisories/GHSL-2025-042_poppler/"},{"name":"https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1884","tags":["x_refsource_MISC"],"url":"https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1884"},{"name":"https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1884#note_3114334","tags":["x_refsource_MISC"],"url":"https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1884#note_3114334"}],"affected":[{"vendor":"poppler","product":"poppler","versions":[{"version":"< 25.10.0","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2025-10-10T22:11:20.494Z"},"descriptions":[{"lang":"en","value":"Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, which can lead to dangling pointers when the vector is resized. The vulnerability stems from the way that refToParentMap stores references to `std::vector` elements using raw pointers. These pointers may become invalid when the vector is resized. This vulnerability is a common security problem involving the use of raw pointers to `std::vectors`. Internally, `std::vector `stores its elements in a dynamically allocated array. When the array reaches its capacity and a new element is added, the vector reallocates a larger block of memory and moves all the existing elements to the new location. At this point if any pointers to elements are stored before a resize occurs, they become dangling pointers once the reallocation happens. Version 25.10.0 contains a patch for the issue."}],"source":{"advisory":"GHSA-wm8r-hcrq-6fqf","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-14T14:59:44.878328Z","id":"CVE-2025-52885","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-14T14:59:55.528Z"}},{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2025/10/13/2"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T21:11:41.075Z"}}]}}