CVE-2025-9394

5.3 MEDIUM

📋 TL;DR

A use-after-free vulnerability in PoDoFo's PDF dictionary parser allows local attackers to potentially execute arbitrary code or cause a denial of service. It affects applications that use PoDoFo 1.1.0-dev to parse PDF files; exploitation requires local access.

💻 Affected Systems

Products:
  • PoDoFo
Versions: 1.1.0-dev (development version)
Operating Systems: All platforms where PoDoFo is used
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the development version 1.1.0-dev. Stable releases are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation leading to full system compromise through arbitrary code execution.

🟠 Likely Case: Application crash or denial of service when processing malicious PDF files.

🟢 If Mitigated: Limited impact due to the local-only exploitation requirement and proper sandboxing.

🌐 Internet-Facing: LOW - Requires local host access, cannot be exploited remotely.
🏢 Internal Only: MEDIUM - Local attackers could exploit this if they have access to run applications using PoDoFo.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit details are publicly available, but exploitation requires local access; the attack consists of feeding a crafted PDF to the dictionary parser.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 22d16cb142f293bf956f66a4d399cdd65576d36c

Vendor Advisory: https://github.com/podofo/podofo/issues/275

Restart Required: No

Instructions:

1. Update PoDoFo to a version containing commit 22d16cb142f293bf956f66a4d399cdd65576d36c
2. Recompile any applications that link PoDoFo against the updated library
3. Replace existing PoDoFo installations with the patched version

🔧 Temporary Workarounds

Restrict PDF processing (platforms: all): Limit PDF file processing to trusted sources only

Sandbox PDF processing (platforms: all): Run applications using PoDoFo in isolated containers or sandboxes

🧯 If You Can't Patch

  • Implement strict access controls to limit who can run applications using PoDoFo
  • Monitor for crashes or unusual behavior in applications processing PDF files

🔍 How to Verify

Check if Vulnerable:

Check whether the PoDoFo version is 1.1.0-dev and the build's source commit predates 22d16cb142f293bf956f66a4d399cdd65576d36c

Check Version:

Check the PoDoFo version in the build configuration or library metadata

Verify Fix Applied:

Verify that the PoDoFo installation includes commit 22d16cb142f293bf956f66a4d399cdd65576d36c

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing PDF files
  • Memory access violation errors in logs

Network Indicators:

  • None - local-only vulnerability

SIEM Query:

Search for process crashes related to PDF parsing applications
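As an added example (not part of this advisory or the PoDoFo project), a small Python scanner that applies the log indicators above to constructed syslog-style lines: it flags crash messages that reference libpodofo or a process known to link PoDoFo, and ignores crashes elsewhere. The process names pdfconv and report-gen and the sample lines are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in syslog/dmesg style; not from any real host.
SAMPLE_LOGS = """\
Aug 12 10:01:03 host kernel: pdfconv[4211]: segfault at 7f3a1c00 ip 00007f3a0b12 sp 00007ffd error 4 in libpodofo.so.1[7f3a0a00+1e000]
Aug 12 10:01:07 host systemd[1]: pdfconv.service: Main process exited, code=dumped, status=11/SEGV
Aug 12 10:02:11 host sshd[901]: Accepted publickey for alice from 10.0.0.5
Aug 12 10:03:44 host kernel: report-gen[5120]: general protection fault ip:00005612aa00 sp:00007ffc error:0 in libpodofo.so.1[5612a000+1e000]
Aug 12 10:05:00 host pdfconv[4300]: converted invoice.pdf in 120ms
Aug 12 10:06:30 host kernel: chromium[6001]: segfault at 0 ip 00005500 sp 00007ffe error 6 in libc.so.6[5400+1c000]
"""

# Crash signatures worth correlating with PDF parsing (kernel, systemd and
# sanitizer wording); the list is an assumption, extend it for your fleet.
CRASH_PATTERNS = re.compile(
    r"segfault|general protection fault|SIGSEGV|status=11/SEGV|code=dumped|"
    r"double free|heap-use-after-free",
    re.IGNORECASE,
)

# Hypothetical process names that link PoDoFo on this host (assumption).
PODOFO_CONSUMERS = {"pdfconv", "report-gen"}


@dataclass
class Finding:
    timestamp: str
    process: str
    reason: str


def scan_for_podofo_crashes(log_text: str, consumers=PODOFO_CONSUMERS) -> list:
    """Return one Finding per crash line tied to PoDoFo or a PoDoFo consumer."""
    findings = []
    for line in log_text.splitlines():
        if not CRASH_PATTERNS.search(line):
            continue                      # not a crash at all
        mentions_lib = "libpodofo" in line.lower()
        proc = next((p for p in consumers if p in line), None)
        if not (mentions_lib or proc):
            continue                      # crash in an unrelated process
        reason = ("crash referencing libpodofo" if mentions_lib
                  else f"crash in PoDoFo consumer {proc}")
        findings.append(Finding(line[:15], proc or "unknown", reason))
    return findings


if __name__ == "__main__":
    for f in scan_for_podofo_crashes(SAMPLE_LOGS):
        print(f"{f.timestamp} {f.process}: {f.reason}")
```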
