VDB

CVE-2025-43718

CVE-2025-43718 PUBLISHED CVSS 2.9000000953674316 LOW

Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor).

EPSS 0.01% · 0.9th percentile

Risk Scores

CVSS 3.1
2.9000000953674316
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.01%
0.9th percentile

Affected Products

VendorProductVersions
freedesktopPoppler24.06.1
freedesktoppoppler24.06.1

Exploit Intelligence

Timeline

  • Oct 1, 2025 CVE Published
  • Oct 2, 2025 EPSS Score
  • Oct 4, 2025 Coalition ESS Score
  • Oct 6, 2025 Coalition ESS Score
  • Oct 6, 2025 CVE Updated
  • Oct 7, 2025 Coalition ESS Score
  • Oct 8, 2025 Coalition ESS Score
  • Oct 9, 2025 EPSS Score
  • Oct 15, 2025 EPSS Score
  • Oct 22, 2025 EPSS Score
  • Oct 28, 2025 EPSS Score
  • Nov 4, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›