CVE-2025-46205

HIGH EPSS 28.8%
Published Oct 1, 2025 (9mo ago) · Modified Jun 17, 2026 (1w ago)
8.1 CVSS 3.1
High

Description

A heap use-after-free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue.

CVSS Details

Base Score: 8.1
Exploitability: 2.8
Impact: 5.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Threat Intelligence

EPSS Exploit Probability
28.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 1

Vendor          Product  Version  Range
podofo_project  podofo   *        ≥0.10.0 – ≤0.10.5

References 3

  • github.com https://github.com/ShadowByte1/CVE-Reports/blob/main/CVE-2025-46205.md
    Exploit, Third Party Advisory
  • github.com https://github.com/ShadowByte1/CVE-Reports/issues/1
  • github.com https://github.com/podofo/podofo
    Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.