PT-2025-40292 · Poppler+4 · Poppler+4

Shadowbyte1 · Published 2025-03-26 · Updated 2025-11-03 · CVE-2025-43718

CVSS v3.1: 2.9 (Low)
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Poppler versions 24.06.1 through 25.04.0

Description

The software is susceptible to a stack consumption issue leading to a SIGSEGV signal. This occurs when processing PDF documents containing deeply nested structures within their metadata, such as the GTS_PDFEVersion field. The issue is present in functions including Dict::lookup, Catalog::getMetadata, and related functions within PDFDoc, specifically due to deep recursion in the regular expression executor (std::__detail::_Executor).

Recommendations

Update to version 25.04.0 or later.

Exploit

Fix

Weakness Enumeration

Uncontrolled Recursion

Related Identifiers

BDU:2026-02903
CVE-2025-43718
ECHO-3E3B-EA76-5BA5
OESA-2025-2479
OESA-2025-2480
OESA-2025-2481
OESA-2025-2482
OESA-2025-2483
OESA-2025-2484
RHSA-2026:7364
SUSE-SU-2025:3779-1
SUSE-SU-2025:3898-1
SUSE-SU-2025:3900-1
SUSE-SU-2025:3910-1
SUSE-SU-2025_3779-1
SUSE-SU-2025_3900-1
SUSE-SU-2025_3910-1
USN-7803-1

Affected Products

Debian
Linuxmint
Poppler
Suse
Ubuntu