CVE-2025-43718: CWE-674 Uncontrolled Recursion in freedesktop Poppler
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor).
AI Analysis
Technical Summary
CVE-2025-43718 is a vulnerability in the freedesktop Poppler PDF rendering library, affecting versions 24.06.1 through 25.x before 25.04.0. The issue is uncontrolled recursion when parsing deeply nested metadata structures within PDF documents, such as the GTS_PDFEVersion field or long pdfsubver strings that are processed using regular expressions. The recursion is reached through Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, and runs deep in the standard library regex executor (std::__detail::_Executor). When a maliciously crafted PDF with deeply nested metadata is processed, the recursion depth causes excessive stack consumption, leading to a stack overflow and a segmentation fault (SIGSEGV). The result is a denial-of-service condition: the application using Poppler to parse the PDF crashes.

The CVSS score is 2.9, indicating low severity, with an attack vector limited to local access (AV:L), high attack complexity (AC:H), no privileges required (PR:N), and no user interaction (UI:N). The vulnerability does not impact confidentiality or integrity, only availability. No public exploits or active exploitation in the wild have been reported. The root cause is classified under CWE-674 (Uncontrolled Recursion). The vulnerability highlights the risk of insufficient input validation and recursion control in PDF metadata parsing, which can be exploited to disrupt services relying on Poppler for PDF rendering or processing. No official patches were linked at the time of publication, but upgrading to Poppler 25.04.0 or later is expected to resolve the issue.
Potential Impact
For European organizations, the primary impact of CVE-2025-43718 is the potential for denial-of-service (DoS) conditions in applications or services that utilize vulnerable versions of Poppler for PDF rendering or processing. This could affect document management systems, email clients, web services, or any software that automatically processes PDF files. While the vulnerability does not compromise data confidentiality or integrity, service disruptions could impact business continuity, especially in sectors heavily reliant on automated PDF workflows such as legal, finance, and government. The requirement for local access and high attack complexity limits remote exploitation, reducing the risk of widespread attacks. However, insider threats or compromised internal systems could leverage this vulnerability to cause application crashes. Organizations with automated PDF ingestion pipelines or public-facing services that accept PDF uploads should be particularly cautious. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed proactively to avoid future exploitation. Overall, the impact is moderate in terms of availability disruption but limited in scope and severity.
Mitigation Recommendations
1. Upgrade Poppler to version 25.04.0 or later as soon as the patch becomes available to eliminate the uncontrolled recursion issue.
2. Implement input validation and sanitization on PDF metadata before processing to detect and reject suspiciously deeply nested or malformed PDFs.
3. Employ sandboxing or containerization for PDF processing components to isolate crashes and prevent service-wide impact.
4. Monitor application logs for repeated crashes or segmentation faults related to PDF parsing to detect potential exploitation attempts.
5. Limit local access to systems performing PDF processing to trusted users and services to reduce the attack surface.
6. Consider rate limiting or scanning PDF uploads in public-facing services to mitigate the risk of malicious PDFs triggering the vulnerability.
7. Maintain up-to-date backups and incident response plans to quickly recover from denial-of-service incidents.
8. Engage with software vendors or open-source communities to track patch releases and security advisories related to Poppler.
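The input validation in recommendation 2, applied to the failure described in the technical summary (a long metadata string handed to std::regex), as an added example that is not Poppler's code. The pattern, the 64-byte cap and the names `parseSubtype` and `kMaxSubtypeLen` are assumptions chosen for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <regex>
#include <string>

// Assumed cap: a legitimate value such as "PDF/E-1" is only a few bytes long.
constexpr std::size_t kMaxSubtypeLen = 64;

enum class Status { Ok, TooLong, NoMatch };

struct Subtype {
    Status status;
    std::string family; // e.g. "A", "E", "X"
    int part;           // e.g. 1 for "PDF/E-1"
};

// Validate an untrusted metadata string before std::regex sees it.
// Bounding the length bounds how deep a backtracking executor can recurse.
Subtype parseSubtype(const std::string &value) {
    if (value.size() > kMaxSubtypeLen) {
        return {Status::TooLong, "", 0}; // rejected without running the regex
    }
    // Hypothetical pattern (not Poppler's): anchored, bounded repetitions only.
    static const std::regex re(R"(^PDF/(A|E|UA|VT|X)-([0-9]{1,2})[A-Za-z]{0,2})");
    std::smatch m;
    if (!std::regex_search(value, m, re)) {
        return {Status::NoMatch, "", 0};
    }
    return {Status::Ok, m[1].str(), std::stoi(m[2].str())};
}

int main() {
    // Constructed sample inputs, including an oversized one.
    const std::string samples[] = {"PDF/E-1", "PDF/A-2b", "not a subtype",
                                   "PDF/E-" + std::string(1 << 20, '1')};
    for (const auto &s : samples) {
        const Subtype r = parseSubtype(s);
        std::cout << s.size() << " bytes -> status "
                  << static_cast<int>(r.status) << "\n";
    }
    return 0;
}
```

A `TooLong` result is also worth logging, since a metadata value far beyond the expected size is a useful signal for recommendation 4.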
Affected Countries
Germany, France, Netherlands, United Kingdom, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-17T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68dd7b129f41f345b1268044
Added to database: 10/1/2025, 7:03:46 PM
Last enriched: 10/8/2025, 7:30:00 PM
Last updated: 11/15/2025, 8:32:32 AM