CVE Vulnerabilities

CVE-2025-50422

Improper Clearing of Heap Memory Before Release ('Heap Inspection')

Published: Aug 04, 2025 | Modified: Aug 05, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
3.3 LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM

An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program exit, allowing attackers to obtain sensitive PDF content via a memory dump.

Weakness

Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.

References