CVE-2025-43903

Опубликовано: 18 апр. 2025

Источник: redhat

CVSS3: 4.3

EPSS Низкий

Описание

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

A flaw was found in Poppler. For signatures with non-empty encapsulated content, typically adbe.pkcs7.sha1, it would only compare hash values, and SignatureValue was never checked within SignerInfo. This issue could lead to signature forgeries.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	poppler	Fix deferred
Red Hat Enterprise Linux 7	poppler	Fix deferred
Red Hat Enterprise Linux 8	poppler	Fix deferred
Red Hat Enterprise Linux 9	poppler	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-347

https://bugzilla.redhat.com/show_bug.cgi?id=2361067poppler: SignatureValue not checked within SignerInfo

EPSS

Процентиль: 0%

0.00008

Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2025-43903

CVSS3: 4.3

ubuntu

2 месяца назад

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

CVE-2025-43903

CVSS3: 4.3

nvd

2 месяца назад

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

CVE-2025-43903

CVSS3: 4.3

debian

2 месяца назад

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the ...

SUSE-SU-2025:1434-1

suse-cvrf

около 2 месяцев назад

Security update for poppler

GHSA-4w9g-4h2x-7qxq

CVSS3: 4.3

github

2 месяца назад

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

EPSS

Процентиль: 0%

0.00008

Низкий

4.3 Medium

CVSS3