CVE-2025-43903

Опубликовано: 18 апр. 2025

Источник: redhat

CVSS3: 4.3

Описание

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

A flaw was found in Poppler. For signatures with non-empty encapsulated content, typically adbe.pkcs7.sha1, it would only compare hash values, and SignatureValue was never checked within SignerInfo. This issue could lead to signature forgeries.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	poppler	Fix deferred
Red Hat Enterprise Linux 6	poppler	Fix deferred
Red Hat Enterprise Linux 7	poppler	Fix deferred
Red Hat Enterprise Linux 8	poppler	Fix deferred
Red Hat Enterprise Linux 9	poppler	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-347

https://bugzilla.redhat.com/show_bug.cgi?id=2361067poppler: SignatureValue not checked within SignerInfo

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2025-43903

CVSS3: 4.3

ubuntu

10 месяцев назад

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

CVE-2025-43903

CVSS3: 4.3

nvd

10 месяцев назад

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

CVE-2025-43903

CVSS3: 4.3

debian

10 месяцев назад

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the ...

SUSE-SU-2025:1434-1

suse-cvrf

9 месяцев назад

Security update for poppler

GHSA-4w9g-4h2x-7qxq

CVSS3: 4.3

github

10 месяцев назад

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

4.3 Medium

CVSS3