Poppler Infinite Recursion Vulnerability in Pdfseparate Utility Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the pdfseparate utility of Poppler, a PDF rendering library maintained by freedesktop. This issue, present in Poppler versions prior to 25.07.0, arises from the PDFDoc processing logic, specifically in how it handles annotation dictionaries. Attackers can craft PDF files with self-referencing or mutually referencing annotation dictionaries, causing the pdfseparate utility to enter an infinite recursion. This recursion exhausts the application's call stack, leading to a crash or hang.
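The recursion pattern described above, modelled as an added example (this is illustrative code, not Poppler's): an annotation walk that follows references with no memory of what it has already visited, beside a guarded walk that stops on a revisit. The object table is constructed in memory to stand in for PDF indirect objects; the link keys /Popup, /IRT and /Parent are real PDF annotation keys chosen here as an assumption, since the advisory does not name the key Poppler's walker followed.

```python
# Constructed model of PDF indirect objects: object number -> dictionary,
# with an indirect reference written as the tuple ('ref', n).
LINK_KEYS = ("/Popup", "/IRT", "/Parent")   # assumed inter-annotation links

def resolve(objects, value):
    """Dereference a ('ref', n) tuple; return direct values unchanged."""
    if isinstance(value, tuple) and value[0] == "ref":
        return objects[value[1]]
    return value

def walk_unbounded(objects, ref):
    """Vulnerable pattern: recurse along links with no visited set.
    A self-referencing or mutually referencing pair never terminates;
    Python raises RecursionError where C would overflow the stack."""
    annot = resolve(objects, ref)
    count = 1
    for key in LINK_KEYS:
        if key in annot:
            count += walk_unbounded(objects, annot[key])
    return count

def walk_guarded(objects, ref, visited=None):
    """Hardened pattern: remember object numbers already walked and refuse
    to descend into one twice. Returns (annotations_visited, revisit_seen);
    a revisit means a cycle (or a shared sub-object), and either way the
    walk must not recurse into it again."""
    if visited is None:
        visited = set()
    objnum = ref[1]
    if objnum in visited:
        return 0, True
    visited.add(objnum)
    count, revisited = 1, False
    for key in LINK_KEYS:
        if key in objects[objnum]:
            sub, seen = walk_guarded(objects, objects[objnum][key], visited)
            count += sub
            revisited = revisited or seen
    return count, revisited

# Constructed object tables (not real PDF files).
ACYCLIC = {10: {"/Subtype": "/Text", "/Popup": ("ref", 11)},
           11: {"/Subtype": "/Popup"}}
CYCLIC = {20: {"/Subtype": "/Text", "/Popup": ("ref", 21)},
          21: {"/Subtype": "/Popup", "/Parent": ("ref", 20)}}  # 21 -> 20 -> 21

def check(objects, first_annot):
    """Report whether the unbounded walk exhausts the stack on this table."""
    try:
        walk_unbounded(objects, ("ref", first_annot))
        return "terminates"
    except RecursionError:
        return "stack exhausted"
```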

Impact

Processing a malicious PDF file causes the application to hang or crash with a segmentation fault, as the unbounded recursion overflows the call stack.

Reproduction

The vulnerability can be reproduced by running the pdfseparate utility on a crafted PDF file that contains self-referencing or mutually referencing annotation dictionaries: place the malicious PDF on a system with Poppler 25.04.0 installed and process it with pdfseparate. The application crashes after a short period because of the infinite recursion caused by the annotation references.

Remediation

Users can upgrade to Poppler version 25.07.0 or later, where this vulnerability has been fixed.

Added: Aug 4, 2025, 5:25 PM
Updated: Aug 4, 2025, 5:25 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.