ALAS2023-2025-1172

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1172
Advisory Released Date: 2025-09-08
Advisory Updated Date: 2025-09-08
Severity: Medium
Issue Overview:

An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program exit, allowing attackers to obtain sensitive PDF content via a memory dump. (CVE-2025-50422)


Affected Packages:

cairo


Issue Correction:
Run dnf update cairo --releasever 2023.8.20250908 or dnf update --advisory ALAS2023-2025-1172 --releasever 2023.8.20250908 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    cairo-tools-debuginfo-1.18.0-4.amzn2023.0.3.aarch64
    cairo-gobject-1.18.0-4.amzn2023.0.3.aarch64
    cairo-debuginfo-1.18.0-4.amzn2023.0.3.aarch64
    cairo-gobject-debuginfo-1.18.0-4.amzn2023.0.3.aarch64
    cairo-debugsource-1.18.0-4.amzn2023.0.3.aarch64
    cairo-devel-1.18.0-4.amzn2023.0.3.aarch64
    cairo-tools-1.18.0-4.amzn2023.0.3.aarch64
    cairo-gobject-devel-1.18.0-4.amzn2023.0.3.aarch64
    cairo-1.18.0-4.amzn2023.0.3.aarch64

src:
    cairo-1.18.0-4.amzn2023.0.3.src

x86_64:
    cairo-tools-debuginfo-1.18.0-4.amzn2023.0.3.x86_64
    cairo-gobject-1.18.0-4.amzn2023.0.3.x86_64
    cairo-gobject-debuginfo-1.18.0-4.amzn2023.0.3.x86_64
    cairo-debugsource-1.18.0-4.amzn2023.0.3.x86_64
    cairo-debuginfo-1.18.0-4.amzn2023.0.3.x86_64
    cairo-1.18.0-4.amzn2023.0.3.x86_64
    cairo-tools-1.18.0-4.amzn2023.0.3.x86_64
    cairo-gobject-devel-1.18.0-4.amzn2023.0.3.x86_64
    cairo-devel-1.18.0-4.amzn2023.0.3.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-50422

Mitre: CVE-2025-50422