Unrated severityNVD Advisory· Published Oct 1, 2025· Updated Oct 27, 2025

CVE-2025-46205

Description

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue.

Affected products

podofo/podofodescription
Podofo Project/Podofollm-fuzzy
Range: 0.10.0 to 0.10.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/ShadowByte1/CVE-Reports/blob/main/CVE-2025-46205.mdmitre
github.com/ShadowByte1/CVE-Reports/issues/1mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000