Alerts This Week
Warning Icon 1 1,111
Alerts This Week
Warning Icon 1 1,111

Ubuntu: Poppler Critical Denial Of Service Vulnerabiliy USN-7687-1

ubuntu
Calendar Grey August 6, 2025
Dist Ubuntu Esm H88
Essential patches for poppler address denial of service and potential remote code execution vulnerabilities across various Ubuntu editions. Prioritize your safety!
Several security issues were fixed in poppler.

Summary

Several security issues were fixed in poppler.

Software Description:

- poppler: PDF rendering library

Details:

Jieyong Ma discovered that poppler incorrectly handled certain malformed

PDF files. A remote attacker could possibly use this issue to cause poppler

to crash, resulting in a denial of service. This issue only affected Ubuntu

16.04 LTS and Ubuntu 18.04 LTS. (CVE-2022-27337)

Kevin Backhouse discovered that poppler incorrectly handled documents with

a large number of annotations. If a user or automated system were tricked

into opening a specially crafted document, a remote attacker could use

this issue to cause poppler to consume resources, leading to a denial of

service, or possibly execute arbitrary code. (CVE-2025-52886)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libpoppler97                    0.86.1-0ubuntu1.7+esm1
                                  Available with Ubuntu Pro
  poppler-utils                   0.86.1-0ubuntu1.7+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libpoppler73                    0.62.0-2ubuntu2.14+esm7
                                  Available with Ubuntu Pro
  poppler-utils                   0.62.0-2ubuntu2.14+esm7
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libpoppler58                    0.41.0-0ubuntu1.16+esm7
                                  Available with Ubuntu Pro
  poppler-utils                   0.41.0-0ubuntu1.16+esm7
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7687-1

CVE-2022-27337, CVE-2025-52886

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7687-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here