Incorrect Provision of Specified Functionality Affecting KDE/skanpage package, versions [,25.11.80)

Q: How to fix?

Upgrade KDE/skanpage to version 25.11.80 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-UNMANAGED-KDESKANPAGE-14123070
published26 Nov 2025
disclosed26 Nov 2025
creditJeff Robertson

Report a new vulnerability Found a mistake?

Introduced: 26 Nov 2025

NewCVE-2025-55174 (opens in a new tab) CWE-684 (opens in a new tab)

How to fix?

Upgrade KDE/skanpage to version 25.11.80 or higher.

Overview

Affected versions of this package are vulnerable to Incorrect Provision of Specified Functionality via the DocumentSaver::savePDF process. An attacker can cause unintended disclosure of file contents by triggering a file overwrite operation, resulting in the new file containing residual data from the previous file at the end.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
Low
Attack Requirements (AT)
Present
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
None
Integrity (VI)
Low
Availability (VA)
None

Confidentiality (SC)
Low
Integrity (SI)
None
Availability (SA)
None