CVE-2025-43718: Low severity Poppler Poppler vulnerability

Published Oct 1, 2025

Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTSPDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::detail::Executor).

Affected Software

1 affected component
Poppler Poppler >=24.06.1, <25.04.0

Event History

Oct 1, 2025
CVE Published via MITRE, 12:00 AM
Data Sourced via MITRE, 12:00 AM: Description, Severity, Weakness
Data Sourced via NVD, 07:15 PM: Description, Severity, Weakness

Frequently Asked Questions

1. What is the severity of CVE-2025-43718?

CVE-2025-43718 is classified as having a moderate severity due to its ability to cause stack consumption leading to a segmentation fault.

2. How do I fix CVE-2025-43718?

To fix CVE-2025-43718, upgrade to Poppler version 25.04.0 or later to mitigate the vulnerability.

3. Which versions of Poppler are affected by CVE-2025-43718?

CVE-2025-43718 affects Poppler versions from 24.06.1 up to, but not including, 25.04.0.

4. What causes the CVE-2025-43718 vulnerability?

CVE-2025-43718 is caused by stack consumption through deeply nested structures in the metadata of a PDF document.

5. Is CVE-2025-43718 a local or remote vulnerability?

CVE-2025-43718 is typically considered a remote vulnerability as it can be triggered by processing maliciously crafted PDF files.
