Advisories » MGASA-2025-0214

Updated poppler packages fix security vulnerabilities

Publication date: 25 Jul 2025
Modification date: 25 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-52886

Description

poppler uses std::atomic_int for reference counting. Because it is only
32 bits, it is possible to overflow the reference count and trigger a
use-after-free.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34485
• https://www.openwall.com/lists/oss-security/2025/07/11/5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52886

SRPMS

9/core

• poppler-23.02.0-1.7.mga9