Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-a8zz-dfdm-1uf7

Summary poppler: Poppler stack overflow

Aliases

alias	CVE-2025-43718

Fixed_packages

url	pkg:deb/debian/poppler@25.03.0-10?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-10%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1
purl	pkg:deb/debian/poppler@25.03.0-11.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1

Affected_packages

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-48ua-ch85-w3cg

vulnerability	VCID-4ucr-xaac-7uc7

vulnerability	VCID-72nw-9jgd-4kdw

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-bc96-6vy6-ryfz

vulnerability	VCID-c4wz-u632-eyeh

vulnerability	VCID-d5fj-5prg-97f4

vulnerability	VCID-n1sx-y7xc-kqfb

vulnerability	VCID-nqqu-29qr-wfec

vulnerability	VCID-tfe8-bq62-3ke4

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2

url pkg:rpm/redhat/poppler-main@26.01.0-7?arch=hum1

purl pkg:rpm/redhat/poppler-main@26.01.0-7?arch=hum1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/poppler-main@26.01.0-7%3Farch=hum1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43718.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43718.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43718

reference_id

reference_type

scores

value	8e-05
scoring_system	epss
scoring_elements	0.00727
published_at	2026-04-02T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00755
published_at	2026-04-21T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00719
published_at	2026-04-09T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00716
published_at	2026-04-11T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.0071
published_at	2026-04-13T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00708
published_at	2026-04-16T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00713
published_at	2026-04-18T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00724
published_at	2026-04-04T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00729
published_at	2026-04-07T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00728
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43718
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43718

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117046
reference_id	1117046
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117046

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2400893
reference_id	2400893
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2400893

reference_url

https://github.com/ShadowByte1/CVE-Reports/blob/main/CVE-2025-43718.md

reference_id

CVE-2025-43718.md

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:15:35Z/

url

https://github.com/ShadowByte1/CVE-Reports/blob/main/CVE-2025-43718.md

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672117c250420787c8c006de98e8c7408

reference_id

f54b815672117c250420787c8c006de98e8c7408

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:15:35Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672117c250420787c8c006de98e8c7408

reference_url	https://access.redhat.com/errata/RHSA-2026:7364
reference_id	RHSA-2026:7364
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7364

reference_url	https://usn.ubuntu.com/7803-1/
reference_id	USN-7803-1
reference_type
scores
url	https://usn.ubuntu.com/7803-1/

Weaknesses

cwe_id	674
name	Uncontrolled Recursion
description	The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Exploits

Severity_range_score 2.9 - 6.1

Exploitability 0.5

Weighted_severity 3.6

Risk_score 1.8

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8zz-dfdm-1uf7

Vulnerability Instance