Skip to content

Proof of concept for poppler CVE-2025-52885#906

Merged
kevinbackhouse merged 1 commit intogithub:mainfrom
kevinbackhouse:GHSL-2025-042_poppler
Oct 14, 2025
Merged

Proof of concept for poppler CVE-2025-52885#906
kevinbackhouse merged 1 commit intogithub:mainfrom
kevinbackhouse:GHSL-2025-042_poppler

Conversation

@kevinbackhouse
Copy link
Copy Markdown
Contributor

@kevinbackhouse kevinbackhouse commented Oct 14, 2025

Copilot AI review requested due to automatic review settings October 14, 2025 12:01
Copilot AI reviewed Oct 14, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a proof of concept demonstration for CVE-2025-52885, a use-after-free vulnerability in the poppler PDF library. The vulnerability is triggered when using specific command-line options with poppler tools.

  • Adds documentation explaining the CVE-2025-52885 vulnerability in poppler
  • Provides reproduction steps using pdfinfo -struct bug.pdf
  • Includes reference links to the bug report, fix, and security advisory

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@kevinbackhouse kevinbackhouse merged commit 9e2fc2e into github:main Oct 14, 2025
@kevinbackhouse kevinbackhouse deleted the GHSL-2025-042_poppler branch October 14, 2025 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@antonio-morales antonio-morales antonio-morales approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kevinbackhouse @antonio-morales