Poppler
cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*
- >= 24.06.1, <= 25.02
A stack overflow vulnerability has been identified in Poppler-Utils versions 24.06.1 and later, prior to 25.04.0. This vulnerability affects multiple utilities, including pdfinfo, pdffonts, and pdftohtml. The issue arises during the parsing of deeply nested or malformed metadata structures, particularly within the GTS_PDFEVersion field. The vulnerability is triggered by unbounded recursion in the regular expression execution logic, leading to stack exhaustion, SIGSEGV crashes, and potentially allowing remote code execution in memory-constrained environments.
Exploitation of this vulnerability causes a denial-of-service condition by exhausting the stack, leading to a SIGSEGV crash. Additionally, in systems with limited stack memory, this vulnerability could be exploited to achieve controlled code execution by overwriting the stack in a way that redirects execution to injected payloads.
The vulnerability can be reproduced by creating a PDF file with a deeply nested GTS_PDFEVersion metadata field, extending beyond the standard versioning format. This crafted PDF can then be processed using Poppler utilities such as pdfinfo, which will trigger the unbounded recursion and cause a stack overflow crash.
Users are advised to upgrade to Poppler version 25.03 or later, which includes fixes for the recursion depth validation and input handling. For those using Poppler in automated PDF processing workflows, consider deploying sandboxed containers and applying fuzzing regression tests to catch similar vulnerabilities.
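One way to guard an automated workflow that calls pdfinfo or the other affected utilities (an added example, not code from the Poppler project or from this advisory): each file is handled in a resource-limited child process, and a death by signal such as SIGSEGV becomes a quarantine verdict instead of a silent failure. The name `run_guarded`, the verdict labels and the limit values are assumptions chosen for illustration; process limits complement a sandboxed container and do not replace it.

```python
import resource
import signal
import subprocess


def _cap(res, value):
    """Lower one rlimit for the child, never above the inherited hard limit."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def run_guarded(argv, timeout=10, mem_bytes=512 * 1024 * 1024, cpu_seconds=5):
    """Run one Poppler utility on one file. Returns (verdict, detail, stdout).

    The limit values are illustrative defaults, not figures from the advisory.
    """
    def limits():  # runs in the child between fork and exec
        _cap(resource.RLIMIT_AS, mem_bytes)
        _cap(resource.RLIMIT_CPU, cpu_seconds)
        _cap(resource.RLIMIT_CORE, 0)  # no core dumps of untrusted documents

    try:
        proc = subprocess.run(argv, stdin=subprocess.DEVNULL, capture_output=True,
                              text=True, errors="replace", timeout=timeout,
                              preexec_fn=limits)
    except subprocess.TimeoutExpired:
        return ("quarantine", "timeout", "")
    except FileNotFoundError:
        return ("error", "tool-missing", "")

    if proc.returncode < 0:
        # Negative code: the child died on a signal. SIGSEGV is the crash
        # signature this advisory describes, so keep the file for triage.
        try:
            name = signal.Signals(-proc.returncode).name
        except ValueError:
            name = f"signal-{-proc.returncode}"
        return ("quarantine", name, "")
    if proc.returncode != 0:
        return ("reject", f"exit-{proc.returncode}", "")
    return ("ok", "", proc.stdout)


if __name__ == "__main__":
    import sys
    # Usage: python guard.py document.pdf
    print(run_guarded(["pdfinfo", sys.argv[1]])[:2])
```

Files that come back with a `quarantine` verdict are worth keeping as regression inputs for the fuzzing tests mentioned above.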