CNNVD-202510-1394 Information
CNNVD ID
CNNVD-202510-1394
Related CVE
- CNNVD Published: 2025-10-10
Description (Chinese)
Poppler是Poppler开源的一个PDF渲染库。 Poppler 25.10.0之前版本存在资源管理错误漏洞,该漏洞源于StructTreeRoot类中使用原始指针指向std::vector元素,可能导致释放后重用。
Description (English)
Poppler is a PDF Rendering Library at Popper Source. The previous version of Poppler 25.10.0 had a resource management error loophole, which originated from the use of the original pointer in the StructTreeRoot category to point the std:vector element, which could lead to reuse after release.
Hazard Level
Medium
Vulnerability Type
资源管理错误
Affected Vendor
Poppler
Published
2025-10-10
Last Modified
2026-02-24
References
https://securitylab.github.com/advisories/GHSL-2025-042_poppler/ https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1884#note_3114334 https://vigilance.fr/vulnerability/Poppler-use-after-free-via-StructTreeRoot-48579
Patch
https://gitlab.freedesktop.org/poppler/poppler/-/blob/master/NEWS
Share on: