rpm package
suse/poppler&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5
pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-52885 | Med | — | < 23.01.0-150500.3.26.1 | 23.01.0-150500.3.26.1 | Oct 10, 2025 | Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a | |
| CVE-2025-43718 | Low | 2.9 | < 23.01.0-150500.3.26.1 | 23.01.0-150500.3.26.1 | Oct 1, 2025 | Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetada | |
| CVE-2025-50420 | — | < 23.01.0-150500.3.23.1 | 23.01.0-150500.3.23.1 | Aug 4, 2025 | An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS). | ||
| CVE-2025-52886 | — | < 23.01.0-150500.3.20.1 | 23.01.0-150500.3.20.1 | Jul 2, 2025 | Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue. |
- affected < 23.01.0-150500.3.26.1fixed 23.01.0-150500.3.26.1
Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a
- affected < 23.01.0-150500.3.26.1fixed 23.01.0-150500.3.26.1
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetada
- CVE-2025-50420Aug 4, 2025affected < 23.01.0-150500.3.23.1fixed 23.01.0-150500.3.23.1
An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).
- CVE-2025-52886Jul 2, 2025affected < 23.01.0-150500.3.20.1fixed 23.01.0-150500.3.20.1
Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.