Advisories » MGASA-2025-0143

Updated poppler packages fix security vulnerabilitiy

Publication date: 05 May 2025
Modification date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43903

Description

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the
adbe.pkcs7.sha1 signatures on documents, resulting in potential
signature forgeries. (CVE-2025-43903)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34238
• https://ubuntu.com/security/notices/USN-7471-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43903

SRPMS

9/core

• poppler-23.02.0-1.6.mga9