QwikSec

Security Database

CVE

CWE

Training

CVE-2025-52886

Published: Jul 2, 2025

Modified: Nov 4, 2025

PUBLISHED

Description

Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.

Vendor	Product	Versions
poppler	poppler	affected `< 25.06.0`

Weaknesses (CWE)

References

https://securitylab.github.com/advisories/GHSL-2025-054_poppler/

x_refsource_CONFIRM

https://gitlab.freedesktop.org/poppler/poppler/-/commit/04bd91684ed41d67ae0f10cde0660e4ed74ac203

x_refsource_MISC

https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5

x_refsource_MISC

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1581

x_refsource_MISC

https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1828

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.