CVE-2025-52886 was announced here: https://www.openwall.com/lists/oss-security/2025/07/11/5 Poc: https://www.openwall.com/lists/oss-security/2025/07/12/1
Source RPM: (none) => poppler-25.04.0-2.mga10.src.rpm, poppler-23.02.0-1.6.mga9.src.rpmCVE: (none) => CVE-2025-52886Whiteboard: (none) => MGA9TOOStatus comment: (none) => Fixed upstream in 25.06.0
Assigning globally as different packagers commit poppler.
Assignee: bugsquad => pkg-bugs
Fixed in cauldron with poppler-25.07.0-1.mga10.
Version: Cauldron => 9CC: (none) => jani.valimaaWhiteboard: MGA9TOO => (none)Source RPM: poppler-25.04.0-2.mga10.src.rpm, poppler-23.02.0-1.6.mga9.src.rpm => poppler-23.02.0-1.6.mga9.src.rpm
Pushed poppler-23.02.0-1.7.mga9 to core/updates_testing. SRPMS: poppler-23.02.0-1.7.mga9 RPMS: poppler-23.02.0-1.7.mga9 lib(64)poppler126-23.02.0-1.7.mga9 lib(64)poppler-devel-23.02.0-1.7.mga9 lib(64)poppler-cpp0-23.02.0-1.7.mga9 lib(64)poppler-qt5-devel-23.02.0-1.7.mga9 lib(64)poppler-qt5_1-23.02.0-1.7.mga9 lib(64)poppler-qt6-devel-23.02.0-1.7.mga9 lib(64)poppler-qt6_3-23.02.0-1.7.mga9 lib(64)poppler-glib8-23.02.0-1.7.mga9 lib(64)poppler-gir0.18-23.02.0-1.7.mga9 lib(64)poppler-glib-devel-23.02.0-1.7.mga9 lib(64)poppler-cpp-devel-23.02.0-1.7.mga9
Assignee: pkg-bugs => qa-bugs
RH x86_64 Run the POC, use pdftohtml poc.pdf, I not wait until the overflow but is clear to me that something is rotten the use of memory keep growing installing lib64poppler-qt6_3-23.02.0-1.7.mga9.x86_64.rpm lib64poppler-qt5_1-23.02.0-1.7.mga9.x86_64.rpm lib64poppler-glib8-23.02.0-1.7.mga9.x86_64.rpm poppler-23.02.0-1.7.mga9.x86_64.rpm lib64poppler126-23.02.0-1.7.mga9.x86_64.rpm lib64poppler-cpp0-23.02.0-1.7.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/6: lib64poppler126 ################################################################################################## 2/6: lib64poppler-qt6_3 ################################################################################################## 3/6: lib64poppler-qt5_1 ################################################################################################## 4/6: lib64poppler-glib8 ################################################################################################## 5/6: poppler ################################################################################################## 6/6: lib64poppler-cpp0 ################################################################################################## 1/6: removing lib64poppler-cpp0-23.02.0-1.6.mga9.x86_64 ################################################################################################## 2/6: removing poppler-23.02.0-1.6.mga9.x86_64 ################################################################################################## 3/6: removing lib64poppler-glib8-23.02.0-1.6.mga9.x86_64 ################################################################################################## 4/6: removing lib64poppler-qt5_1-23.02.0-1.6.mga9.x86_64 ################################################################################################## 5/6: removing lib64poppler-qt6_3-23.02.0-1.6.mga9.x86_64 ################################################################################################## 6/6: removing lib64poppler126-23.02.0-1.6.mga9.x86_64 ################################################################################################## Run again pdftohtml poc.pdf Get a lot of Syntax Error: Page annotations object (page 1) is likely malformed. Too big: (16777216) Before get Syntax Error: Failed to create page (page 1) In just seconds strace okular file.pdf shows openat(AT_FDCWD, "/lib64/libpoppler-qt5.so.1", O_RDONLY|O_CLOEXEC) = 17 strace qpdfview file.pdf shows openat(AT_FDCWD, "/lib64/libpoppler-qt6.so.3", O_RDONLY|O_CLOEXEC) = 18 Looks good to me
Keywords: (none) => advisory
MGA9-64 server Plasma wayland on Compaq H000SB No installation issues. Tests from bug 32242: $ pdftohtml handleidingVM.pdf testpoppler.html Page-1 Page-2 Page-3 Page-4 Page-5 Page-6 Page-7 Page-8 Page-9 link to page 6 Page-10 Page-11 Page-12 $ firefox testpoppler.html Opens correctly with a page index as a lefthand column of links and the text and graphics to the right. $ pdftotext handleidingVM.pdf VM.txt Opened with pluma and text is complete with indicators where graphical items occured in the original document. These indicators are not shown in kwrite. From bug 32600 $ pdfimages handleidingVM.pdf handvm $ ls handvm* handvm-000.ppm handvm-002.ppm handvm-004.ppm handvm-006.ppm handvm-001.ppm handvm-003.ppm handvm-005.ppm handvm-007.ppm $ ls ha*.ppm | wc -l 8 $ pdfseparate -f 3 -l 10 handleidingVM.pdf page_%d $ okular page_* pages show up OK. With tests from Comment 4 above, this should be good for OK.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0214.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED