Stack Consumption Vulnerability in Poppler PDF Library
CVE-2025-43718

2.9 LOW

Key Information:

CVE Published: 1 October 2025

What is CVE-2025-43718?

The Poppler PDF library versions 24.06.1 through 25.x prior to 25.04.0 are prone to a stack consumption vulnerability. This issue arises from handling deeply nested structures in PDF metadata, such as the GTS_PDFEVersion element. Exploiting this vulnerability can lead to a stack overflow, causing a segmentation fault (SIGSEGV) during operations within functions like Dict::lookup and Catalog::getMetadata. The flaw is exacerbated by the deep recursion needed in the regex executor, potentially leading to application crashes. Users and developers are advised to review and upgrade their Poppler installations to mitigate the risk.

Affected Version(s)

Poppler 24.06.1 < 25.04.0
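
A quick way to triage hosts against the affected range above is to compare the version banner printed by the poppler-utils tools with the range boundaries. This is an added example, not code from the Poppler project or from this advisory; it assumes `pdfinfo -v` is available and prints a "version X.Y.Z" banner, and the sample banners in it are constructed.

```python
import re
import shutil
import subprocess

# Affected range as stated on this page: 24.06.1 <= version < 25.04.0
FIRST_AFFECTED = (24, 6, 1)
FIRST_FIXED = (25, 4, 0)

_VERSION_RE = re.compile(r"\bversion\s+(\d+)\.(\d+)\.(\d+)")


def parse_poppler_version(banner):
    """Extract (major, minor, patch) from a poppler-utils version banner."""
    m = _VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version):
    """Place a parsed version relative to the advisory's affected range."""
    if version is None:
        return "unknown"
    if version < FIRST_AFFECTED:
        return "before-range"
    if version < FIRST_FIXED:
        return "affected"
    return "fixed"


def installed_banner(tool="pdfinfo"):
    """Return the local tool's version banner, or '' if it is not installed."""
    if shutil.which(tool) is None:
        return ""
    # Assumption: the banner may go to stdout or stderr, so read both.
    proc = subprocess.run([tool, "-v"], capture_output=True, text=True, timeout=10)
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    # Constructed sample banners covering each side of the range.
    samples = [
        "pdfinfo version 24.02.0",
        "pdfinfo version 24.06.1",
        "pdfinfo version 25.03.0",
        "pdfinfo version 25.04.0",
    ]
    for banner in samples:
        print(banner, "->", classify(parse_poppler_version(banner)))
    print("local install ->", classify(parse_poppler_version(installed_banner())))
```

Distribution packages can carry backported fixes without changing the upstream version number, so treat an "affected" result as a prompt to check the package changelog. Applications that link the Poppler library directly need the same check against the library version they ship.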

CVSS V3.1

Score: 2.9
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
