A critical vulnerability, identified as CVE-2025-32364, has been discovered in the PSStack::roll function of Poppler, an open-source PDF rendering library. This vulnerability affects versions before 25.04.0 and can lead to an application crash due to a floating-point exception when handling malformed inputs associated with INT_MIN.

In this post, we will dive deep into the details of this vulnerability, provide the code snippet related to it, and discuss the exploit details to understand its impact better. It is essential for developers and system administrators to know about this vulnerability and apply the necessary fixes to prevent potential threats.

Vulnerability Details

The vulnerability is a floating-point exception caused by the PSStack::roll function when handling specific malformed inputs in Poppler. An attacker with malicious intent can exploit this vulnerability to crash an application using the Poppler library. Applications that rely on Poppler, like some document viewers and PDF converters, are at risk of being compromised. By triggering this vulnerability, an attacker could cause a denial of service (DoS) for the affected systems.

Code Snippet

The vulnerability originates from the PSStack::roll function within the PSStack.cc file of the Poppler library, as shown below:

void PSStack::roll() {
  int i, j, n;
  PSObject tmp;

  if (top < 2) {
    return;
  }
  i = stack[top - 2].getInt();
  j = stack[top - 1].getInt();
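  // Reject an out-of-range window size and a zero roll amount.
  if (i < 1 || i >= top || j == 0) {
    return;
  }
  if (j > 0) {
    n = (top - i) % j;
  } else {
    // j is negative here; -j overflows when j == INT_MIN.
    n = (-j - (top - i) % -j) % -j;
  }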
  while (n--) {
    tmp = stack[top - 1];
    for (int k = top - 1; k > top - i; --k) {
      stack[k] = stack[k - 1];
    }
    stack[top - i] = tmp;
  }
}

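The vulnerability is associated with the handling of the i and j variables, which are initialized with values taken from the stack. The issue arises when the inputs are malformed and associated with INT_MIN, causing a floating-point exception in the application due to improper handling. The else branch negates j, and when j is INT_MIN the result cannot be represented in an int, which is undefined behaviour in C++. On common platforms such as x86 Linux, a faulting integer division or remainder is delivered as SIGFPE, which is why the crash is reported as a floating-point exception even though no floating-point arithmetic is involved.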
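As an added example (not code from the original post and not Poppler's actual patch), the sketch below shows one defensive way to handle roll operands so that INT_MIN, zero and negative sizes never reach a signed negation or a trapping remainder. The names normalizeRoll and safeRoll, the use of a std::vector as the stack, and the standard PostScript roll semantics are assumptions made for illustration.

```cpp
#include <algorithm>
#include <climits>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical helper, not a Poppler function: reduce a roll amount to
// [0, count). Returns -1 when count is not a usable window size.
int normalizeRoll(int count, int shift) {
  if (count <= 0) {
    return -1;  // rules out a zero divisor and any "x % -1"
  }
  // Widen before any arithmetic so that INT_MIN is never negated and the
  // remainder is never computed in 32-bit int.
  const std::int64_t c = count;
  std::int64_t r = static_cast<std::int64_t>(shift) % c;  // r in (-c, c)
  if (r < 0) {
    r += c;  // map a negative remainder to the equivalent positive roll
  }
  return static_cast<int>(r);
}

// Rotate the top `count` entries of `stack` (back() is the top) by `shift`.
// Assumed semantics: PostScript roll, where a positive shift moves the top
// entry to the bottom of the window. Returns false on rejected operands.
bool safeRoll(std::vector<int> &stack, int count, int shift) {
  const int r = normalizeRoll(count, shift);
  if (r < 0 || static_cast<std::size_t>(count) > stack.size()) {
    return false;
  }
  // One std::rotate call: the work is bounded by count, not by shift.
  std::rotate(stack.end() - count, stack.end() - r, stack.end());
  return true;
}

int main() {
  std::vector<int> stack = {9, 1, 2, 3};  // constructed sample, top is 3
  const bool ok = safeRoll(stack, 3, INT_MIN);
  std::printf("ok=%d stack:", ok);
  for (int v : stack) std::printf(" %d", v);
  std::printf("\n");
  return 0;
}
```

Because the shift is reduced before any element is moved, an extreme operand costs the same as a small one, so the operation cannot be turned into a crash or a long-running loop.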

Exploit Details

To exploit this vulnerability, an attacker needs to feed the library a malformed input with values associated with INT_MIN, which ultimately triggers the floating-point exception. An application using the Poppler library for rendering PDFs would crash when rendering the malformed PDF containing the exploit.

Original References

1. The CVE-2025-32364 vulnerability details can be found in the Common Vulnerabilities and Exposures (CVE) database: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32364

2. The detailed explanation and patch for this vulnerability can be found in the original advisory released by Poppler developers: https://poppler.freedesktop.org/releases.html

3. The source code and official documentation for the Poppler project can be found on their GitLab page: https://gitlab.freedesktop.org/poppler/poppler

Conclusion

CVE-2025-32364 is a critical vulnerability in Poppler, which can lead to an application crash when handling malformed inputs associated with INT_MIN. As this vulnerability affects an essential open-source PDF rendering library used by various applications, it is crucial to apply the necessary fixes and update the library to the latest version (25.04.0 or later) to minimize potential threats. By becoming aware of this issue and applying the appropriate patch, developers and system administrators can keep their systems secure and prevent potential breaches.

Timeline

Published on: 04/05/2025 22:15:18 UTC
Last modified on: 04/07/2025 14:17:50 UTC