CVE-2025-43903
Publication date 18 April 2025
Last updated 30 May 2025
Ubuntu priority
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| poppler | 25.04 plucky |
Fixed 25.03.0-3ubuntu1
|
| 24.10 oracular |
Fixed 24.08.0-1ubuntu0.3
|
|
| 24.04 LTS noble |
Fixed 24.02.0-1ubuntu9.4
|
|
| 22.04 LTS jammy |
Fixed 22.02.0-2ubuntu0.8
|
|
| 20.04 LTS focal |
Fixed 0.86.1-0ubuntu1.7
|
|
| 18.04 LTS bionic |
Fixed 0.62.0-2ubuntu2.14+esm6
|
|
| 16.04 LTS xenial |
Not affected
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProSeverity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.3 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Changed |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-7471-1
- poppler vulnerabilities
- 29 April 2025