Security update for poppler SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3779-1 Final 1 1 2025-10-24T13:26:29Z current 2025-10-24T13:26:29Z 2025-10-24T13:26:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for poppler This update for poppler fixes the following issues: - CVE-2025-43718: fixed uncontrolled recursion in the regex-based metadata parser when processing specially crafted PDF files (bsc#1250908) - CVE-2025-52885: improved pointer handling that could have led to dangling pointers when the vector is resized (bsc#1251940) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3779,SUSE-SLE-Module-Basesystem-15-SP6-2025-3779,SUSE-SLE-Module-Basesystem-15-SP7-2025-3779,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3779,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3779,openSUSE-SLE-15.6-2025-3779 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253779-1/ Link for SUSE-SU-2025:3779-1 https://lists.suse.com/pipermail/sle-updates/2025-October/042307.html E-Mail link for SUSE-SU-2025:3779-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1250908 SUSE Bug 1250908 https://bugzilla.suse.com/1251940 SUSE Bug 1251940 https://www.suse.com/security/cve/CVE-2025-43718/ SUSE CVE CVE-2025-43718 page https://www.suse.com/security/cve/CVE-2025-52885/ SUSE CVE CVE-2025-52885 page SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 openSUSE Leap 15.6 libpoppler-cpp0-24.03.0-150600.3.24.1 libpoppler-cpp0-32bit-24.03.0-150600.3.24.1 libpoppler-cpp0-64bit-24.03.0-150600.3.24.1 libpoppler-devel-24.03.0-150600.3.24.1 libpoppler-glib-devel-24.03.0-150600.3.24.1 libpoppler-glib8-24.03.0-150600.3.24.1 libpoppler-glib8-32bit-24.03.0-150600.3.24.1 libpoppler-glib8-64bit-24.03.0-150600.3.24.1 libpoppler-qt5-1-24.03.0-150600.3.24.1 libpoppler-qt5-1-32bit-24.03.0-150600.3.24.1 libpoppler-qt5-1-64bit-24.03.0-150600.3.24.1 libpoppler-qt5-devel-24.03.0-150600.3.24.1 libpoppler-qt6-3-24.03.0-150600.3.24.1 libpoppler-qt6-devel-24.03.0-150600.3.24.1 libpoppler135-24.03.0-150600.3.24.1 libpoppler135-32bit-24.03.0-150600.3.24.1 libpoppler135-64bit-24.03.0-150600.3.24.1 poppler-tools-24.03.0-150600.3.24.1 typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1 libpoppler-cpp0-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libpoppler-devel-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libpoppler-glib-devel-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libpoppler-glib8-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libpoppler135-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 poppler-tools-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libpoppler-cpp0-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libpoppler-devel-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libpoppler-glib-devel-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libpoppler-glib8-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libpoppler135-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 poppler-tools-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libpoppler-cpp0-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libpoppler-devel-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libpoppler-glib8-32bit-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libpoppler-qt5-1-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libpoppler-qt5-devel-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libpoppler-qt6-3-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libpoppler-qt6-devel-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libpoppler135-32bit-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libpoppler-cpp0-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libpoppler-devel-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libpoppler-glib8-32bit-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libpoppler-qt5-1-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libpoppler-qt5-devel-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libpoppler-qt6-3-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libpoppler-qt6-devel-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libpoppler135-32bit-24.03.0-150600.3.24.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libpoppler-cpp0-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 libpoppler-cpp0-32bit-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 libpoppler-devel-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 libpoppler-glib-devel-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 libpoppler-glib8-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 libpoppler-glib8-32bit-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 libpoppler-qt5-1-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 libpoppler-qt5-1-32bit-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 libpoppler-qt5-devel-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 libpoppler-qt6-3-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 libpoppler-qt6-devel-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 libpoppler135-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 libpoppler135-32bit-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 poppler-tools-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1 as a component of openSUSE Leap 15.6 Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor). CVE-2025-43718 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpoppler-cpp0-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpoppler-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpoppler-glib-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpoppler-glib8-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpoppler135-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:poppler-tools-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpoppler-cpp0-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpoppler-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpoppler-glib-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpoppler-glib8-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpoppler135-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:poppler-tools-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-cpp0-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-glib8-32bit-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-qt5-1-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-qt5-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-qt6-3-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-qt6-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler135-32bit-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-cpp0-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-glib8-32bit-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-qt5-1-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-qt5-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-qt6-3-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-qt6-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler135-32bit-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-cpp0-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-cpp0-32bit-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-devel-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-glib-devel-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-glib8-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-glib8-32bit-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-qt5-1-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-qt5-1-32bit-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-qt5-devel-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-qt6-3-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-qt6-devel-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler135-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler135-32bit-24.03.0-150600.3.24.1 openSUSE Leap 15.6:poppler-tools-24.03.0-150600.3.24.1 openSUSE Leap 15.6:typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253779-1/ https://www.suse.com/security/cve/CVE-2025-43718.html CVE-2025-43718 https://bugzilla.suse.com/1250908 SUSE Bug 1250908 Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, which can lead to dangling pointers when the vector is resized. The vulnerability stems from the way that refToParentMap stores references to `std::vector` elements using raw pointers. These pointers may become invalid when the vector is resized. This vulnerability is a common security problem involving the use of raw pointers to `std::vectors`. Internally, `std::vector `stores its elements in a dynamically allocated array. When the array reaches its capacity and a new element is added, the vector reallocates a larger block of memory and moves all the existing elements to the new location. At this point if any pointers to elements are stored before a resize occurs, they become dangling pointers once the reallocation happens. Version 25.10.0 contains a patch for the issue. CVE-2025-52885 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpoppler-cpp0-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpoppler-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpoppler-glib-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpoppler-glib8-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpoppler135-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:poppler-tools-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpoppler-cpp0-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpoppler-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpoppler-glib-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpoppler-glib8-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpoppler135-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:poppler-tools-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-cpp0-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-glib8-32bit-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-qt5-1-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-qt5-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-qt6-3-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler-qt6-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpoppler135-32bit-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-cpp0-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-glib8-32bit-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-qt5-1-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-qt5-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-qt6-3-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler-qt6-devel-24.03.0-150600.3.24.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libpoppler135-32bit-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-cpp0-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-cpp0-32bit-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-devel-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-glib-devel-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-glib8-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-glib8-32bit-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-qt5-1-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-qt5-1-32bit-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-qt5-devel-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-qt6-3-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler-qt6-devel-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler135-24.03.0-150600.3.24.1 openSUSE Leap 15.6:libpoppler135-32bit-24.03.0-150600.3.24.1 openSUSE Leap 15.6:poppler-tools-24.03.0-150600.3.24.1 openSUSE Leap 15.6:typelib-1_0-Poppler-0_18-24.03.0-150600.3.24.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253779-1/ https://www.suse.com/security/cve/CVE-2025-52885.html CVE-2025-52885 https://bugzilla.suse.com/1251940 SUSE Bug 1251940