CVE-2025-50422

Опубликовано: 04 авг. 2025

Источник: debian

EPSS Низкий

Описание

Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.

Пакеты

Пакет	Статус	Релиз	Тип
cairo	unfixed		package
cairo	no-dsa	trixie	package
cairo	no-dsa	bookworm	package
cairo	postponed	bullseye	package

Примечания

https://github.com/Landw-hub/CVE-2025-50422
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1591
https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621

EPSS

Процентиль: 1%

0.00013

Низкий

Связанные уязвимости

CVE-2025-50422

CVSS3: 2.9

ubuntu

10 дней назад

Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.

CVE-2025-50422

CVSS3: 3.3

redhat

10 дней назад

Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.

CVE-2025-50422

CVSS3: 2.9

nvd

10 дней назад

Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.

GHSA-6f98-2v97-grfv

CVSS3: 6.5

github

10 дней назад

An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program exit, allowing attackers to obtain sensitive PDF content via a memory dump.

EPSS

Процентиль: 1%

0.00013

Низкий