PDFunite Buffer Overflow Vulnerability in Poppler Library

Vulnerability

A buffer overflow vulnerability has been identified in PDFunite version 0.41.0, which is part of the Poppler package in Ubuntu. This vulnerability allows local attackers to crash the application by merging malformed PDF files. The issue arises from improper boundary validation in the XRef::getEntry function within the Poppler library, leading to a segmentation fault when the crafted PDF is processed.

Impact

Exploitation of this vulnerability causes a segmentation fault, crashing the PDFunite application.

Reproduction

The vulnerability can be reproduced by using PDFunite to merge two PDF files, one of which is specially crafted to be malformed so that it triggers the buffer overflow when PDFunite processes it.

Remediation

Users can upgrade to a patched version of Poppler to address this vulnerability.
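
Where PDFunite has to merge untrusted files before the upgrade is rolled out, the merge can be run in a child process so that a segmentation fault is recorded as a rejected input instead of taking down the calling service. The code below is an added example, not part of the original advisory or of Poppler; the function names classify and merge_isolated, the 30-second timeout and the temporary-file handling are assumptions.

```python
import os
import signal
import subprocess
import sys
import tempfile


def classify(returncode):
    """Map a child exit status to a verdict for the merge job."""
    if returncode == 0:
        return "ok"
    if returncode < 0:
        # On POSIX a negative code means the child was killed by that signal.
        try:
            return "crashed:" + signal.Signals(-returncode).name
        except ValueError:
            return "crashed:signal-%d" % -returncode
    return "failed:%d" % returncode


def merge_isolated(inputs, output, tool=("pdfunite",), timeout=30):
    """Merge in a child process; publish the output only on a clean exit."""
    out_dir = os.path.dirname(os.path.abspath(output))
    fd, tmp = tempfile.mkstemp(suffix=".pdf", dir=out_dir)
    os.close(fd)
    try:
        proc = subprocess.run(list(tool) + list(inputs) + [tmp],
                              stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL,
                              timeout=timeout)
        verdict = classify(proc.returncode)
    except subprocess.TimeoutExpired:
        verdict = "timeout"
    except FileNotFoundError:
        verdict = "tool-missing"
    if verdict == "ok":
        os.replace(tmp, output)   # atomic publish of a complete file
    elif os.path.exists(tmp):
        os.remove(tmp)            # never leave a partial merge behind
    return verdict


if __name__ == "__main__":
    # Usage: script.py out.pdf in1.pdf in2.pdf ...
    print(merge_isolated(sys.argv[2:], sys.argv[1]))
```

A "crashed:SIGSEGV" verdict on a merge job is the signal to quarantine the input files and to check the installed Poppler version on that host.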

Added: Apr 29, 2026, 8:31 PM
Updated: Apr 29, 2026, 8:31 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 0.6
exploitability: 4.6
remediation: 7.7
relevance: 7.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.