Main Vulnerability Database SB2025102489

SB2025102489 - openEuler 20.03 LTS SP4 update for poppler

Published: October 24, 2025

Security Bulletin ID SB2025102489

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper verification of cryptographic signature (CVE-ID: CVE-2025-43903)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect adbe.pkcs7.sha1 signature verification in NSSCryptoSignBackend.cc. A remote attacker can create a specially crafted file that bypasses signature verification process and allows to perform document forgery.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2521

Vulnerable Software

openEuler: 20.03 LTS SP4
poppler-help: before 0.90.0-16
poppler-glib-doc: before 0.90.0-16
poppler-utils: before 0.90.0-16
poppler-qt5-devel: before 0.90.0-16
poppler-qt5: before 0.90.0-16
poppler-glib-devel: before 0.90.0-16
poppler-glib: before 0.90.0-16
poppler-devel: before 0.90.0-16
poppler-debugsource: before 0.90.0-16
poppler-debuginfo: before 0.90.0-16
poppler-cpp-devel: before 0.90.0-16
poppler-cpp: before 0.90.0-16
poppler: before 0.90.0-16

SB2025102489 - openEuler 20.03 LTS SP4 update for poppler

Breakdown by Severity

Description

Remediation

References

Please verify you're human