Unrated severityNVD Advisory· Published Apr 18, 2025· Updated Apr 21, 2025
CVE-2025-43903
CVE-2025-43903
Description
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- Range: <25.04.0
- osv-coords7 versionspkg:rpm/opensuse/poppler&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/poppler-qt5&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/poppler-qt6&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/poppler-qt5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/poppler-qt6&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
< 24.03.0-150600.3.13.1+ 6 more
- (no CPE)range: < 24.03.0-150600.3.13.1
- (no CPE)range: < 24.03.0-150600.3.13.1
- (no CPE)range: < 24.03.0-150600.3.13.1
- (no CPE)range: < 24.03.0-150600.3.13.1
- (no CPE)range: < 24.03.0-150600.3.13.1
- (no CPE)range: < 24.03.0-150600.3.13.1
- (no CPE)range: < 24.03.0-150600.3.13.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.