- Package: src:poppler
- Source: src:poppler
- Submitter: Salvatore Bonaccorso
- Date: 2026-06-11 20:49:07 UTC
- Severity: normal
- Tags:
Hi,
The following vulnerability was published for poppler.
CVE-2025-52885[0]:
| Poppler is a library for rendering PDF files, and examining or
| modifying their structure. A use-after-free (write) vulnerability
| has been detected in versions Poppler prior to 25.10.0 within the
| StructTreeRoot class. The issue arises from the use of raw pointers
| to elements of a `std::vector`, which can lead to dangling pointers
| when the vector is resized. The vulnerability stems from the way
| that refToParentMap stores references to `std::vector` elements
| using raw pointers. These pointers may become invalid when the
| vector is resized. This vulnerability is a common security problem
| involving the use of raw pointers to `std::vectors`. Internally,
| `std::vector` stores its elements in a dynamically allocated array.
| When the array reaches its capacity and a new element is added, the
| vector reallocates a larger block of memory and moves all the
| existing elements to the new location. At this point if any pointers
| to elements are stored before a resize occurs, they become dangling
| pointers once the reallocation happens. Version 25.10.0 contains a
| patch for the issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-52885
    https://www.cve.org/CVERecord?id=CVE-2025-52885
[1] https://securitylab.github.com/advisories/GHSL-2025-042_poppler/
[2] https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1884
[3] https://gitlab.freedesktop.org/poppler/poppler/-/commit/4ce27cc826bf90cc8dbbd8a8c87bd913cccd7ec0
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
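The bug class described in the CVE text above, as an added C++ illustration that is not Poppler's code and not part of the original report: `Parent`, `ParentIndex` and the function names are hypothetical. It shows that growing a `std::vector` moves its storage (so saved element pointers would dangle) and that a lookup map holding indices stays valid across the same growth.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <vector>

// Hypothetical stand-in for a structure-tree entry (not Poppler's own type).
struct Parent { int objNum; int element; };

// True if growing the vector past its capacity moved its storage, which is
// when any Parent* saved earlier would dangle. Addresses are compared as
// integers, so no stale pointer is ever dereferenced.
bool storageMovesOnGrowth(std::size_t initial) {
    std::vector<Parent> parents(initial, Parent{0, -1});
    const auto before = reinterpret_cast<std::uintptr_t>(parents.data());
    const std::size_t cap = parents.capacity();
    while (parents.size() <= cap) parents.push_back(Parent{0, -1});
    return reinterpret_cast<std::uintptr_t>(parents.data()) != before;
}

// Safe pattern: the lookup map stores indices, which survive reallocation,
// and resolves them against the vector at the moment of use.
class ParentIndex {
public:
    void add(int objNum) {  // a repeated objNum is ignored, not re-appended
        if (byObjNum_.emplace(objNum, parents_.size()).second)
            parents_.push_back(Parent{objNum, -1});
    }
    bool setElement(int objNum, int element) {
        auto it = byObjNum_.find(objNum);
        if (it == byObjNum_.end()) return false;
        parents_[it->second].element = element;
        return true;
    }
    int elementOf(int objNum) const {
        auto it = byObjNum_.find(objNum);
        return it == byObjNum_.end() ? -1 : parents_[it->second].element;
    }
private:
    std::vector<Parent> parents_;
    std::map<int, std::size_t> byObjNum_;
};

// Registers entry 7, forces many reallocations, then writes through the map.
int writeAfterGrowth() {
    ParentIndex idx;
    idx.add(7);
    for (int i = 100; i < 1100; ++i) idx.add(i);
    idx.setElement(7, 42);
    return idx.elementOf(7);
}

int main() { return storageMovesOnGrowth(4) && writeAfterGrowth() == 42 ? 0 : 1; }
```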
Dear maintainer,
I've prepared an NMU for poppler (versioned as 25.03.0-11.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should cancel it.
Regards,
Salvatore
Feel free to upload now without delay.
Thank you!
Jeremy Bícha
Hi Jeremy,
Thanks! Just done. MR for this change as well made in
https://salsa.debian.org/freedesktop-team/poppler/-/merge_requests/18
Regards,
Salvatore
We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1117853@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated poppler package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sun, 12 Oct 2025 20:30:50 +0200
Source: poppler
Architecture: source
Version: 25.03.0-11.1
Distribution: unstable
Urgency: medium
Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1117853
Changes:
poppler (25.03.0-11.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Check for duplicate entries (CVE-2025-52885) (Closes: #1117853)
We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1117853@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated poppler package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 06 Jun 2026 11:07:43 +0200
Source: poppler
Architecture: source
Version: 25.03.0-5+deb13u3
Distribution: trixie-security
Urgency: high
Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1117046 1117853 1138708
Changes:
poppler (25.03.0-5+deb13u3) trixie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* SplashOutputDev: Fix integer overflow in tilingPatternFill (CVE-2026-10118)
(Closes: #1138708)
* Make sure regex doesn't stack overflow by limiting it (CVE-2025-43718)
(Closes: #1117046)
* Check for duplicate entries (CVE-2025-52885) (Closes: #1117853)
We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1117853@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated poppler package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 06 Jun 2026 15:00:14 +0200
Source: poppler
Architecture: source
Version: 22.12.0-2+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1117046 1117853 1138708
Changes:
poppler (22.12.0-2+deb12u2) bookworm-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Make sure regex doesn't stack overflow by limiting it (CVE-2025-43718)
(Closes: #1117046)
* Check for duplicate entries (CVE-2025-52885) (Closes: #1117853)
* SplashOutputDev: Fix integer overflow in tilingPatternFill (CVE-2026-10118)
(Closes: #1138708)