VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-hnnx-bs3x-cyhw

Essentials
Severities (70)
References (11)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-hnnx-bs3x-cyhw
Aliases	CVE-2025-32364
Summary	A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.
Status	Published
Exploitability	0.5
Weighted Severity	3.6
Risk	1.8
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-190

Integer Overflow or Wraparound

System	Score	Found at
cvssv3	4.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32364.json
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00019	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
epss	0.00028	https://api.first.org/data/v1/epss?cve=CVE-2025-32364
cvssv3.1	4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	4	https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3
ssvc	Track	https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3
cvssv3.1	4	https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574
ssvc	Track	https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32364.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-32364
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32364
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3
		https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574
1102190		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102190
2357657		https://bugzilla.redhat.com/show_bug.cgi?id=2357657
CVE-2025-32364		https://nvd.nist.gov/vuln/detail/CVE-2025-32364
USN-7426-1		https://usn.ubuntu.com/7426-1/
USN-7426-2		https://usn.ubuntu.com/7426-2/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32364.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T16:06:56Z/ Found at https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T16:06:56Z/ Found at https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574

Exploit Prediction Scoring System (EPSS)

Percentile	0.01039
EPSS Score	0.00013
Published At	April 6, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-04-06T07:11:25.818427+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2025-32364	36.0.0