CVE-2025-9394 | PDF library PoDoFo 1.1.0-dev PDF Dictionary Parser PdfTokenizer.cpp DetermineDataType use after free (275/276)

Inserito da Angelo Barbosa | Ago 23, 2025 | CVE

A vulnerability labeled as critical has been found in PDF library PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free.

This vulnerability is handled as CVE-2025-9394. It is possible to launch the attack on the local host. Additionally, an exploit exists.

A patch should be applied to remediate this issue.

CVE-2025-9394 | PDF library PoDoFo 1.1.0-dev PDF Dictionary Parser PdfTokenizer.cpp DetermineDataType use after free (275/276)

Post correlati

CVE-2023-47618 | TP-Link ER7206 Omada Gigabit VPN Router 1.3.0 Build 20230322 Rel.70591 Web Filtering os command injection (TALOS-2023-1859)

CVE-2024-57386 | Wallos 2.41.0 Profile Picture cross site scripting

CVE-2025-0194 | GitLab Community Edition/Enterprise Edition up to 17.5.0/17.6.0/17.7.0 API Request file information disclosure (Issue 489459)

CVE-2025-27563 | OpenHarmony up to 5.0.3 permissions