diff --git a/backport-CVE-2025-43718.patch b/backport-CVE-2025-43718.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d99ac9411c72852752d6a30cd0f4345e1c8e07d2
--- /dev/null
+++ b/backport-CVE-2025-43718.patch
@@ -0,0 +1,30 @@
+From f54b815672117c250420787c8c006de98e8c7408 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Wed, 26 Mar 2025 11:26:32 +0100
+Subject: [PATCH] Make sure regex doesn't stack overflow by limiting it
+
+Happens with very long pdfsubver strings when compiled with
+-fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -flto=auto
+
+Reference:https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672117c250420787c8c006de98e8c7408
+Conflict:Adapt context
+---
+ poppler/PDFDoc.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/poppler/PDFDoc.cc b/poppler/PDFDoc.cc
+index 1374f1f..2de4cca 100644
+--- a/poppler/PDFDoc.cc
++++ b/poppler/PDFDoc.cc
+@@ -533,7 +533,7 @@ static PDFSubtypePart pdfPartFromString(PDFSubtype subtype, GooString *pdfSubtyp
+ }
+ 
+ static PDFSubtypeConformance pdfConformanceFromString(GooString *pdfSubtypeVersion) {
+-  const std::regex regex("PDF/(?:A|X|VT|E|UA)-[[:digit:]]([[:alpha:]]+)");
++  const std::regex regex("PDF/(?:A|X|VT|E|UA)-[[:digit:]]([[:alpha:]]{1,3})");
+   std::smatch match;
+   const std::string &pdfsubver = pdfSubtypeVersion->toStr();
+   PDFSubtypeConformance pdfConf = subtypeConfNone;
+-- 
+2.43.0
+
diff --git a/poppler.spec b/poppler.spec
index 6f6e28a10a723a42fae263c5a8c08bec7c3555a3..4d54ee56e8b75dc97eb7883ebbb3bc049c2c5917 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -4,7 +4,7 @@
 Summary:        PDF rendering library
 Name:           poppler
 Version:        0.90.0
-Release:        13
+Release:        14
 License:        (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
 URL:            http://poppler.freedesktop.org/
 Source0:        http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@@ -30,6 +30,7 @@ Patch6012:      backport-CVE-2025-32364.patch
 Patch6013:      backport-CVE-2025-32365.patch
 Patch6014:      backport-CVE-2025-52886.patch
 Patch6015:      backport-CVE-2025-50420.patch
+Patch6016:      backport-CVE-2025-43718.patch
 
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
@@ -230,6 +231,9 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %{_mandir}/man1/*
 
 %changelog
+* Thu Oct 09 2025 lingsheng <lingsheng1@h-partners.com> - 0.90.0-14
+- fix CVE-2025-43718
+
 * Tue Aug 05 2025 yujingbo <yujingbo@kylinos.cn> - 0.90.0-13
 - fix CVE-2025-50420