CVE-2025-32364 – A floating-point exception vulnerability in Pop... (How to Fix)

Q: What is the severity of CVE-2025-32364?

CVE-2025-32364 has a CVSS score of 4.0 (MEDIUM). A floating-point exception vulnerability in Poppler's PSStack::roll function allows attackers to cause denial of service by crashing applications that process malicious PDF files. This affects any application using Poppler for PDF rendering before version 25.04.0. The vulnerability is triggered by malformed inputs associated with INT_MIN values.

📋 TL;DR

A floating-point exception vulnerability in Poppler's PSStack::roll function allows attackers to cause denial of service by crashing applications that process malicious PDF files. This affects any application using Poppler for PDF rendering before version 25.04.0. The vulnerability is triggered by malformed inputs associated with INT_MIN values.

💻 Affected Systems

Products:

Poppler PDF rendering library
Applications using Poppler (e.g., Evince, Okular, PDF viewers)

Versions: All versions before 25.04.0

Operating Systems: Linux, Unix-like systems, Windows (if Poppler is compiled)

Default Config Vulnerable: ⚠️ Yes

Notes: Any application that uses Poppler to parse PDF files is vulnerable. The vulnerability is in the core library, not dependent on specific configurations.

📦 What is this software?

Poppler by Freedesktop

View all CVEs affecting Poppler →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Application crash leading to denial of service for PDF processing functionality, potentially disrupting document workflows or services that rely on Poppler.

🟠

Likely Case

Application crash when processing specially crafted PDF files, requiring restart of the affected application.

🟢

If Mitigated

No impact if patched version is used or if input validation prevents malformed PDFs from reaching vulnerable code.

🌐 Internet-Facing: MEDIUM - Applications that accept PDF uploads from untrusted sources could be targeted to cause service disruption.

🏢 Internal Only: LOW - Internal users would need to intentionally craft malicious PDFs to exploit, which is less likely in controlled environments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending a malicious PDF file to trigger the floating-point exception. No authentication is needed if the application processes PDFs from untrusted sources.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.04.0

Vendor Advisory: https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3

Restart Required: Yes

Instructions:

1. Update Poppler to version 25.04.0 or later. 2. For Linux distributions: Use package manager (apt-get update && apt-get upgrade poppler-utils, yum update poppler, etc.). 3. Recompile applications if using Poppler as a library. 4. Restart affected applications/services.

🔧 Temporary Workarounds

Input validation for PDF files

all

Implement server-side validation to reject malformed PDF files before they reach Poppler processing.

Sandbox PDF processing

linux

Run PDF processing in isolated containers or sandboxes to limit impact of crashes.

🧯 If You Can't Patch

Implement strict file upload restrictions to block potentially malicious PDFs
Monitor application logs for crash events related to PDF processing

🔍 How to Verify

Check if Vulnerable:

Check Poppler version: poppler-utils --version or check library version in applications.

Check Version:

poppler-utils --version 2>/dev/null || echo "Check application dependencies for Poppler version"

Verify Fix Applied:

Confirm Poppler version is 25.04.0 or later and test with known safe PDF files.

📡 Detection & Monitoring

Log Indicators:

Application crashes with floating-point exception errors
Segmentation faults in PDF processing components
Unexpected termination of PDF viewer applications

Network Indicators:

Multiple PDF upload attempts followed by service disruption

SIEM Query:

source="application.logs" AND ("floating-point exception" OR "SIGFPE" OR "poppler crash")

📊 Metadata

CVE ID: CVE-2025-32364

CVSS v3 Score: 4.0 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE: CWE-190

EPSS Score: 0.09% exploit probability (26.5th percentile)

Published: April 5, 2025

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-32364, you might also want to check these: