summaryrefslogtreecommitdiffstats
path: root/README
diff options
context:
space:
mode:
authorYogita Urade <yogita.urade@windriver.com>2025-10-14 15:37:05 +0530
committerGyorgy Sarvari <skandigraun@gmail.com>2025-10-17 10:51:27 +0200
commit529b31ef7f952da1a78e07e577d1a418ebbf0eda (patch)
tree4e96a5f7b5e08a63a4e25664f6004939a38cf26d /README
parent5fd149feb49fb682c59d6963e6ed7437238dcf55 (diff)
downloadmeta-openembedded-529b31ef7f952da1a78e07e577d1a418ebbf0eda.tar.gz
poppler: fix CVE-2025-43718
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor). Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-43718 Upstream patch: https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672117c250420787c8c006de98e8c7408 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions