A recent security update has been released for Poppler, a PDF rendering library, affecting Ubuntu Linux versions 20.04 LTS, 18.04 LTS, and 16.04 LTS. The update, identified as Ubuntu Security Notice USN-7687-1, was published on August 6, 2025, and addresses several vulnerabilities that could potentially be exploited by attackers.
Key vulnerabilities include:
1. CVE-2022-27337: Discovered by Jieyong Ma, this issue involves Poppler's improper handling of certain malformed PDF files, which could lead to application crashes and denial of service. This vulnerability specifically impacts Ubuntu 16.04 LTS and 18.04 LTS.
2. CVE-2025-52886: Identified by Kevin Backhouse, this vulnerability arises from Poppler's mishandling of documents with numerous annotations. If a user is deceived into opening a malicious document, it could result in excessive resource consumption, potentially leading to denial of service or even arbitrary code execution.
To rectify these vulnerabilities, users are advised to update their systems to the specified package versions for each Ubuntu LTS release. The update can be carried out through a standard system update process.
Update Instructions:
- For Ubuntu 20.04 LTS:
  - `libpoppler97`: 0.86.1-0ubuntu1.7+esm1
  - `poppler-utils`: 0.86.1-0ubuntu1.7+esm1
- For Ubuntu 18.04 LTS:
  - `libpoppler73`: 0.62.0-2ubuntu2.14+esm7
  - `poppler-utils`: 0.62.0-2ubuntu2.14+esm7
- For Ubuntu 16.04 LTS:
  - `libpoppler58`: 0.41.0-0ubuntu1.16+esm7
  - `poppler-utils`: 0.41.0-0ubuntu1.16+esm7
Each of these packages is available through Ubuntu Pro, and users can visit the provided link for more detailed information about the update and references to the specific vulnerabilities.
In summary, users of Ubuntu LTS versions are strongly encouraged to apply this update to safeguard their systems against potential security threats stemming from the identified vulnerabilities in the Poppler library. Keeping software updated is vital in maintaining system security and integrity.
Poppler update for Ubuntu
A Poppler security update is available for Ubuntu Linux 20.04 LTS, 18.04 LTS, and 16.04 LTS:
[USN-7687-1] poppler vulnerabilities