CVE-2025-43718: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-43718 affects Poppler versions 24.06.1 through 25.x before 25.04.0. The vulnerability was discovered and disclosed in early October 2025, impacting PDF rendering library functionality across multiple Linux distributions. The vulnerability allows stack consumption and SIGSEGV (segmentation fault) through deeply nested structures within PDF metadata, specifically in the GTS_PDFEVersion component (Ubuntu Security, Debian Security).

The vulnerability occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, involving deep recursion in the regex executor (std::__detail::_Executor). The issue manifests when processing deeply nested structures within PDF metadata, particularly when handling regular expressions for long pdfsubver strings. The vulnerability has been assigned a CVSS 3.1 Base Score of 6.5 (Medium), with attack vector being Network, low attack complexity, requiring no privileges but user interaction, and having high availability impact (Ubuntu Security).

If exploited, this vulnerability can cause the Poppler library to crash, resulting in a denial of service condition. When a user or automated system is tricked into opening a specially crafted PDF document, the application can experience a segmentation fault, disrupting normal operations (Ubuntu Security Notice).

The vulnerability has been fixed in Poppler version 25.04.0 through commit f54b815. Multiple Linux distributions have released security updates to address this issue. Ubuntu has released fixes for versions 25.04 (plucky), 24.04 LTS (noble), and 22.04 LTS (jammy). Users are advised to update their systems to the latest package versions through standard system updates (Ubuntu Security Notice, Debian Security).