CVE-2025-32364: A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs...

4.0 CVSS

Description

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.

Classification

CVE ID: CVE-2025-32364

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.0

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem Types

CWE-190 Integer Overflow or Wraparound

Affected Products

Vendor: freedesktop

Product: Poppler

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.76% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-32364
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574
https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3
