github · kevinbackhouse · Oct 14, 2025 · Oct 14, 2025
diff --git a/SecurityExploits/freedesktop/poppler-CVE-2025-52885/README.md b/SecurityExploits/freedesktop/poppler-CVE-2025-52885/README.md
@@ -0,0 +1,28 @@
+# Proof of concept for poppler CVE-2025-52885
+
+CVE-2025-52885 is a use-after-free vulnerability in
+[poppler](https://gitlab.freedesktop.org/poppler). The bug is in
+[StructTreeRoot.cc](https://gitlab.freedesktop.org/poppler/poppler/-/blob/2a3135888b6079f0a9fd6410ff65351482087b50/poppler/StructTreeRoot.cc). As
+far as we know, this code is only used when one of poppler's command
+line tools is run with a non-default command line option, so the
+vulnerability does not affect the most common uses of poppler.
+
+This directory contains a poc which triggers the bug. To run it:
+
+```bash
+pdfinfo -struct bug.pdf
+```
+
+In our testing, this causes `pdfinfo` to crash with the following error message:
+
+```
+free(): invalid next size (fast)
+Aborted
+```
+
+## Links:
+
+* https://gitlab.freedesktop.org/poppler/poppler/-/issues/1580
+* https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1884
+* https://securitylab.github.com/advisories/GHSL-2025-042_poppler/
+* https://www.openwall.com/lists/oss-security/2025/10/13/2
diff --git a/SecurityExploits/freedesktop/poppler-CVE-2025-52885/bug.pdf b/SecurityExploits/freedesktop/poppler-CVE-2025-52885/bug.pdf