
We found results for “”
CVE-2025-43903
Good to know:

Date: April 17, 2025
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.
Severity Score
Severity Score
Weakness Type (CWE)
Improper Verification of Cryptographic Signature
CWE-347Top Fix

Upgrade Version
Upgrade to version https://gitlab.freedesktop.org/poppler/poppler.git - poppler-25.04.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |