debcrafters-packages team mailing list archive

[Bug 2126687] Re: CVE-2025-43718: stack consumption & crash

 

This bug was fixed in the package poppler - 25.03.0-10

---------------
poppler (25.03.0-10) unstable; urgency=high

  * SECURITY UPDATE: stack consumption & crash
    - debian/patches/CVE-2025-43718.patch: make sure regex doesn't
      stack overflow by limiting it in poppler/PDFDoc.cc
    - CVE-2025-4718 (Closes: #1117046) (LP: #2126687)

 -- Jeremy Bícha <jbicha@xxxxxxxxxx>  Thu, 02 Oct 2025 15:58:16 -0400

** Changed in: poppler (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2025-4718

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/2126687

Title:
  CVE-2025-43718: stack consumption & crash

Status in poppler package in Ubuntu:
  Fix Released
Status in poppler package in Debian:
  Fix Released

Bug description:
  This is a one-line security fix I'd like to get into questing before
  release.

  I'm not handling updates for any previous Ubuntu releases for this
  issue.

  https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/2126687/+subscriptions


