CVE-2025-43903
Public on 2025-04-18
Modified on 2025-04-21
Description
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. The bug was introduced in poppler-0.42.0 (http://gitlab.freedesktop.org/poppler/poppler/-/commit/c7c0207b1cfe49a4353d6cda93dbebef4508138f).
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 2023 | poppler | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 4.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N |
| NVD | CVSSv3 | 4.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N |