github · kevinbackhouse · Jul 2, 2025 · Jul 2, 2025
diff --git a/SecurityExploits/freedesktop/poppler-CVE-2025-52886/.gitignore b/SecurityExploits/freedesktop/poppler-CVE-2025-52886/.gitignore
@@ -0,0 +1 @@
+pdfgen
diff --git a/SecurityExploits/freedesktop/poppler-CVE-2025-52886/Makefile b/SecurityExploits/freedesktop/poppler-CVE-2025-52886/Makefile
@@ -0,0 +1,2 @@
+pdfgen: pdfgen.cpp utils.cpp utils.h
+	g++ -Wall -Wextra -g -O0 pdfgen.cpp utils.cpp -lz -o pdfgen
diff --git a/SecurityExploits/freedesktop/poppler-CVE-2025-52886/README.md b/SecurityExploits/freedesktop/poppler-CVE-2025-52886/README.md
@@ -0,0 +1,25 @@
+# Proof of concept for poppler CVE-2025-52886
+
+CVE-2025-52886 is a use-after-free vulnerability in
+[poppler](https://gitlab.freedesktop.org/poppler), caused by a
+reference count overflow. Reference counting was done with a 32-bit
+counter, which meant it was feasible to overflow the counter. In my
+testing, it took approximately 12 hours to overflow the counter
+though, so the risk of exploitation was low.
+
+This directory contains the code for building the proof-of-concept. To
+run it:
+
+```bash
+make
+./pdfgen > poc.pdf
+```
+
+Notice that the size of the generated PDF is only 3104 bytes.  Now try
+to either open the PDF or run a command line application like
+`pdftohtml` on it.
+
+## Links:
+
+* https://gitlab.freedesktop.org/poppler/poppler/-/issues/1581
+* https://securitylab.github.com/advisories/GHSL-2025-054_poppler/
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		pdfgen: pdfgen.cpp utils.cpp utils.h
		g++ -Wall -Wextra -g -O0 pdfgen.cpp utils.cpp -lz -o pdfgen