CVE-2025-43903

Medium CVSS: 4.3

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

Vendor

Freedesktop

Product

Poppler

CWE

CWE-347

Yayın Tarihi

2025-04-18 21:15:44

Güncelleme

2025-10-06 16:37:14

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-347 Poppler MEDIUM Freedesktop 2025

Referanslar

https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669

Benzer Kayıtlar

High

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or…

Low

CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can expl…

Medium

CVE-2025-50420

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via…

Medium

CVE-2025-52886

Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std…

Medium

CVE-2025-32365

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in…

Medium

CVE-2025-32364

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash whe…