{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-50422", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-08-10T00:59:19.048Z", "dateReserved": "2025-06-16T00:00:00.000Z", "datePublished": "2025-08-04T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Cairo", "vendor": "cairographics", "versions": [{"lessThanOrEqual": "1.18.4", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Cairo through 1.18.4, as used in Poppler through 25.08.0, has an \"unscaled->face == NULL\" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-617", "description": "CWE-617 Reachable Assertion", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-08-10T00:59:19.048Z"}, "references": [{"url": "https://github.com/Landw-hub/CVE-2025-50422"}, {"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1591"}, {"url": "https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621"}, {"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1591#note_3045081"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:cairographics:cairo:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.18.4"}]}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-244", "lang": "en", "description": "CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-08-05T16:52:41.408490Z", "id": "CVE-2025-50422", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-05T16:53:11.229Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-50422", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-05T16:52:41.408490Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-244", "description": "CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-04T19:35:23.215Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}}], "affected": [{"vendor": "cairographics", "product": "Cairo", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.18.4"}], "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/Landw-hub/CVE-2025-50422"}, {"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1591"}, {"url": "https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621"}, {"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1591#note_3045081"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "Cairo through 1.18.4, as used in Poppler through 25.08.0, has an \"unscaled->face == NULL\" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cairographics:cairo:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.18.4"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-08-10T00:59:19.048Z"}}}, "cveMetadata": {"cveId": "CVE-2025-50422", "state": "PUBLISHED", "dateUpdated": "2025-08-10T00:59:19.048Z", "dateReserved": "2025-06-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-08-04T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cairo through 1.18.4, as used in Poppler through 25.08.0, has an \"unscaled->face == NULL\" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c."}, {"lang": "es", "value": "Se detect\u00f3 un problema en freedesktop poppler v25.04.0. La memoria del mont\u00f3n que contiene los objetos de flujo PDF no se borra al salir del programa, lo que permite a los atacantes obtener contenido PDF confidencial mediante un volcado de memoria."}], "id": "CVE-2025-50422", "lastModified": "2025-08-10T02:15:26.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-08-04T17:15:30.813", "references": [{"source": "cve@mitre.org", "url": "https://github.com/Landw-hub/CVE-2025-50422"}, {"source": "cve@mitre.org", "url": "https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621"}, {"source": "cve@mitre.org", "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1591"}, {"source": "cve@mitre.org", "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1591#note_3045081"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "cve@mitre.org", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-244"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "poppler: Poppler crash on malformed input", "id": "2386347", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386347"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-476", "details": ["A PDF parsing flaw has been discovered in poppler. This flaw may allow an attacker who can craft a malicious pdf file to induce a crash if they can convince their target to open the crafted pdf."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-50422", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "poppler", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "poppler", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "compat-poppler022", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "poppler", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "poppler", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "poppler", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-08-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-50422\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-50422\nhttp://freedesktop.com\nhttp://poppler.com\nhttps://github.com/Landw-hub/CVE-2025-50422\nhttps://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621\nhttps://gitlab.freedesktop.org/poppler/poppler/-/issues/1591"], "threat_severity": "Low"}