Security update for poppler SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3900-1 Final 1 1 2025-10-31T14:56:40Z current 2025-10-31T14:56:40Z 2025-10-31T14:56:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for poppler This update for poppler fixes the following issues: - CVE-2025-43718: Fixed uncontrolled recursion in the regex-based metadata parser when processing specially crafted PDF files allows for stack exhaustion and denial of service (bsc#1250908). - CVE-2025-52885: Fixed raw pointers can lead to dangling pointers when the vector is resized (bsc#1251940). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3900,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3900,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3900,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3900,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3900 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253900-1/ Link for SUSE-SU-2025:3900-1 https://lists.suse.com/pipermail/sle-security-updates/2025-October/023129.html E-Mail link for SUSE-SU-2025:3900-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1250908 SUSE Bug 1250908 https://bugzilla.suse.com/1251940 SUSE Bug 1251940 https://www.suse.com/security/cve/CVE-2025-43718/ SUSE CVE CVE-2025-43718 page https://www.suse.com/security/cve/CVE-2025-52885/ SUSE CVE CVE-2025-52885 page SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP5 libpoppler-cpp0-23.01.0-150500.3.26.1 libpoppler-cpp0-32bit-23.01.0-150500.3.26.1 libpoppler-cpp0-64bit-23.01.0-150500.3.26.1 libpoppler-devel-23.01.0-150500.3.26.1 libpoppler-glib-devel-23.01.0-150500.3.26.1 libpoppler-glib8-23.01.0-150500.3.26.1 libpoppler-glib8-32bit-23.01.0-150500.3.26.1 libpoppler-glib8-64bit-23.01.0-150500.3.26.1 libpoppler-qt5-1-23.01.0-150500.3.26.1 libpoppler-qt5-1-32bit-23.01.0-150500.3.26.1 libpoppler-qt5-1-64bit-23.01.0-150500.3.26.1 libpoppler-qt5-devel-23.01.0-150500.3.26.1 libpoppler-qt6-3-23.01.0-150500.3.26.1 libpoppler-qt6-devel-23.01.0-150500.3.26.1 libpoppler126-23.01.0-150500.3.26.1 libpoppler126-32bit-23.01.0-150500.3.26.1 libpoppler126-64bit-23.01.0-150500.3.26.1 poppler-tools-23.01.0-150500.3.26.1 typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1 libpoppler-cpp0-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libpoppler-devel-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libpoppler-glib-devel-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libpoppler-glib8-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libpoppler126-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS poppler-tools-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libpoppler-cpp0-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libpoppler-devel-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libpoppler-glib-devel-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libpoppler-glib8-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libpoppler126-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS poppler-tools-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libpoppler-cpp0-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libpoppler-devel-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libpoppler-glib-devel-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libpoppler-glib8-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libpoppler126-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS poppler-tools-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libpoppler-cpp0-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libpoppler-devel-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libpoppler-glib-devel-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libpoppler-glib8-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libpoppler126-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 poppler-tools-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor). CVE-2025-43718 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpoppler-cpp0-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpoppler-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpoppler-glib-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpoppler-glib8-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpoppler126-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:poppler-tools-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpoppler-cpp0-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpoppler-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpoppler-glib-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpoppler-glib8-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpoppler126-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:poppler-tools-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libpoppler-cpp0-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libpoppler-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libpoppler-glib-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libpoppler-glib8-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libpoppler126-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:poppler-tools-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpoppler-cpp0-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpoppler-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpoppler-glib-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpoppler-glib8-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpoppler126-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:poppler-tools-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253900-1/ https://www.suse.com/security/cve/CVE-2025-43718.html CVE-2025-43718 https://bugzilla.suse.com/1250908 SUSE Bug 1250908 Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, which can lead to dangling pointers when the vector is resized. The vulnerability stems from the way that refToParentMap stores references to `std::vector` elements using raw pointers. These pointers may become invalid when the vector is resized. This vulnerability is a common security problem involving the use of raw pointers to `std::vectors`. Internally, `std::vector `stores its elements in a dynamically allocated array. When the array reaches its capacity and a new element is added, the vector reallocates a larger block of memory and moves all the existing elements to the new location. At this point if any pointers to elements are stored before a resize occurs, they become dangling pointers once the reallocation happens. Version 25.10.0 contains a patch for the issue. CVE-2025-52885 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpoppler-cpp0-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpoppler-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpoppler-glib-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpoppler-glib8-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpoppler126-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:poppler-tools-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpoppler-cpp0-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpoppler-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpoppler-glib-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpoppler-glib8-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpoppler126-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:poppler-tools-23.01.0-150500.3.26.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libpoppler-cpp0-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libpoppler-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libpoppler-glib-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libpoppler-glib8-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libpoppler126-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:poppler-tools-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpoppler-cpp0-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpoppler-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpoppler-glib-devel-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpoppler-glib8-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpoppler126-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:poppler-tools-23.01.0-150500.3.26.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253900-1/ https://www.suse.com/security/cve/CVE-2025-52885.html CVE-2025-52885 https://bugzilla.suse.com/1251940 SUSE Bug 1251940