diff options
| author | Yogita Urade <yogita.urade@windriver.com> | 2025-10-14 15:37:05 +0530 |
|---|---|---|
| committer | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-10-17 10:51:27 +0200 |
| commit | 529b31ef7f952da1a78e07e577d1a418ebbf0eda (patch) | |
| tree | 4e96a5f7b5e08a63a4e25664f6004939a38cf26d /README | |
| parent | 5fd149feb49fb682c59d6963e6ed7437238dcf55 (diff) | |
| download | meta-openembedded-529b31ef7f952da1a78e07e577d1a418ebbf0eda.tar.gz | |
poppler: fix CVE-2025-43718
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption
and a SIGSEGV via deeply nested structures within the metadata (such
as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for
a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata,
and associated functions in PDFDoc, with deep recursion in the regex
executor (std::__detail::_Executor).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-43718
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672117c250420787c8c006de98e8c7408
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions
