Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-9394

Good to know:

icon
icon

Date: August 24, 2025

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called 22d16cb142f293bf956f66a4d399cdd65576d36c. A patch should be applied to remediate this issue.

Severity Score

Related Resources (10)

https://nvd.nist.gov/vuln/detail/CVE-2025-9394
https://vuldb.com/?ctiid.321227
https://github.com/podofo/podofo/commit/22d16cb142f293bf956f66a4d399cdd65576d36c
https://vuldb.com/?submit.632364
https://security-tracker.debian.org/tracker/CVE-2025-9394
https://github.com/podofo/podofo/issues/275
https://vuldb.com/?id.321227
https://vuldb.com/?submit.632365
https://drive.google.com/file/d/1edJH17GAiK9R441Gjyj8tiV_2ptoL16U/view?usp=sharing
https://www.mend.io/vulnerability-database/CVE-2025-9394

Severity Score

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Use After Free

CWE-416

Top Fix

icon

Upgrade Version

Upgrade to version podofo - null

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us