CVE-2025-43903: NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature...

Description

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

Classification

CVE ID: CVE-2025-43903

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Problem Types

CWE-347 Improper Verification of Cryptographic Signature

Affected Products

Vendor: freedesktop

Product: Poppler

References

https://nvd.nist.gov/vuln/detail/CVE-2025-43903
https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669

Timeline