Key Information Vulnerability Identifier GHSL ID: GHSL-2025-042 CVE ID: CVE-2025-52885 Vulnerability Type CWE: CWE-416 "Use After Free" Affected Project and Version Project: Poppler Tested Version: 25.02.0 Vulnerability Description Issue: A Use-After-Free (write) vulnerability exists in the class of Poppler. Cause: Raw pointers are used to reference elements of a . When the vector is resized, these pointers may become dangling pointers. Vulnerability Details Affected Method: File: Code Snippet: Issue: In subsequent iterations, the vector may be resized, causing the old pointers to become dangling pointers. Impact Potential Risk: Could be exploited to execute arbitrary code within Poppler. Disclosure Timeline Report Date: 2025-04-03 Merge Request Created: 2025-09-03 Fix Merged: 2025-09-05 Discoverer Discoverer: Antonio Morales (@antonio-morales) Contact Information Contact Email: securitylab@github.com Reference ID: GHSL-2025-042