This update for poppler fixes the following issues:
* CVE-2025-43718: Fixed uncontrolled recursion in the regex-based metadata
parser when processing specially crafted PDF files allows for stack
exhaustion and denial of service (bsc#1250908).
* CVE-2025-52885: Fixed raw pointers can lead to dangling pointers when the
vector is resized (bsc#1251940).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3900=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3900=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3900=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3900=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3900=1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libpoppler-glib8-debuginfo-23.01.0-150500.3.26.1
* libpoppler-cpp0-23.01.0-150500.3.26.1
* libpoppler126-23.01.0-150500.3.26.1
* poppler-qt5-debugsource-23.01.0-150500.3.26.1
* poppler-qt6-debugsource-23.01.0-150500.3.26.1
* libpoppler-qt6-3-23.01.0-150500.3.26.1
* libpoppler-qt5-1-23.01.0-150500.3.26.1
* libpoppler-qt6-devel-23.01.0-150500.3.26.1
* libpoppler-qt5-devel-23.01.0-150500.3.26.1
* libpoppler-glib8-23.01.0-150500.3.26.1
* poppler-tools-debuginfo-23.01.0-150500.3.26.1
* libpoppler-qt5-1-debuginfo-23.01.0-150500.3.26.1
* libpoppler-glib-devel-23.01.0-150500.3.26.1
* libpoppler126-debuginfo-23.01.0-150500.3.26.1
* libpoppler-devel-23.01.0-150500.3.26.1
* poppler-debugsource-23.01.0-150500.3.26.1
* typelib-1_0-Poppler-0_18-23.01.0-150500.3.26.1
* libpoppler-qt6-3-debuginfo-23.01.0-150500.3.26.1
* poppler-tools-23.01.0-150500.3.26.1
* libpoppler-cpp0-debuginfo-23.01.0-150500.3.26.1
* openSUSE Leap 15.5 (x86_64)
*...
Read the Full Advisory* bsc#1250908
* bsc#1251940
## References:
* https://www.suse.com/security/cve/CVE-2025-43718.html
* https://www.suse.com/security/cve/CVE-2025-52885.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250908
* https://bugzilla.suse.com/show_bug.cgi?id=1251940
Get the latest Linux and open source security news straight to your inbox.