CVE-2025-50420 — Uncontrolled Recursion in Poppler

CWE-674 — Uncontrolled Recursion CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 82.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler

Timeline

PublishedAug 4

Latest updateAug 20

Description

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDfreedesktop/poppler< 25.07.0

▶Debianfreedesktop/poppler< 25.03.0-5+deb13u2+1

🔴Vulnerability Details

GHSA

GHSA-ppc9-vw33-pg6g: An issue in the pdfseparate utility of freedesktop poppler v25↗2025-08-04

▶

OSV

CVE-2025-50420: An issue in the pdfseparate utility of freedesktop poppler v25↗2025-08-04

▶

CVEList

CVE-2025-50420: An issue in the pdfseparate utility of freedesktop poppler v25↗2025-08-04

▶

📋Vendor Advisories

Ubuntu

poppler vulnerability↗2025-08-20

▶

Debian

CVE-2025-50420: poppler - An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attac...↗2025

▶