CVE-2025-3154

EUVD-2025-15084
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Debian logo
Debian Releases
Debian Product
Codename
xpdf
bookworm
3.04+git20220601-1
fixed
bullseye
3.04+git20210103-3
fixed
forky
3.04+git20260220-1
fixed
sid
3.04+git20260220-1
fixed
trixie
3.04+git20250304-1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpoppler-glib8
suse enterprise server 12 SP3
0.43.0-16.67.1
fixed
libpoppler-qt4-4
suse enterprise server 12 SP3
0.43.0-16.67.1
fixed
libpoppler60
suse enterprise server 12 SP3
0.43.0-16.67.1
fixed
poppler-tools
suse enterprise server 12 SP3
0.43.0-16.67.1
fixed
Common Weakness Enumeration
References
https://www.xpdfreader.com/security-bug/CVE-2025-3154.html