CVE-2025-43718: stack consumption & crash

Bug #2126687 reported by Jeremy Bícha
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
poppler (Debian) | Fix Released | Unknown | |
poppler (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

This is a one-line security fix I'd like to get into questing before release.

I'm not handling updates for any previous Ubuntu releases for this issue.

https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672

Tags: questing

CVE References

Changed in poppler (Debian):
status: Unknown → Fix Released
Jeremy Bícha (jbicha)
Changed in poppler (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package poppler - 25.03.0-10

---------------
poppler (25.03.0-10) unstable; urgency=high

  * SECURITY UPDATE: stack consumption & crash
    - debian/patches/CVE-2025-43718.patch: make sure regex doesn't
      stack overflow by limiting it in poppler/PDFDoc.cc
    - CVE-2025-4718 (Closes: #1117046) (LP: #2126687)

 -- Jeremy Bícha <email address hidden> Thu, 02 Oct 2025 15:58:16 -0400

Changed in poppler (Ubuntu):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
