USN-7471-1
- Source
- https://ubuntu.com/security/notices/USN-7471-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7471-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-7471-1
- Upstream
- Related
- Published
- 2025-04-29T22:23:06.493804Z
- Modified
- 2025-10-13T04:41:07Z
- Summary
- poppler vulnerabilities
- Details
-
It was discovered that poppler did not properly verify adbe.pkcs7.sha1 signatures in PDF documents. An attacker could possibly use this issue to create documents with forged signatures that are treated as legitimately signed.
- References
Affected packages
Ubuntu:Pro:18.04:LTS / poppler
Package
- Name
- poppler
- Purl
- pkg:deb/ubuntu/poppler@0.62.0-2ubuntu2.14+esm6?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.62.0-2ubuntu2.14+esm6
Affected versions
0.*
0.57.0-2ubuntu4
0.57.0-2ubuntu5
0.62.0-1ubuntu1
0.62.0-2ubuntu1
0.62.0-2ubuntu2
0.62.0-2ubuntu2.1
0.62.0-2ubuntu2.2
0.62.0-2ubuntu2.4
0.62.0-2ubuntu2.5
0.62.0-2ubuntu2.6
0.62.0-2ubuntu2.7
0.62.0-2ubuntu2.8
0.62.0-2ubuntu2.9
0.62.0-2ubuntu2.10
0.62.0-2ubuntu2.11
0.62.0-2ubuntu2.12
0.62.0-2ubuntu2.13
0.62.0-2ubuntu2.14
0.62.0-2ubuntu2.14+esm1
0.62.0-2ubuntu2.14+esm2
0.62.0-2ubuntu2.14+esm3
0.62.0-2ubuntu2.14+esm4
0.62.0-2ubuntu2.14+esm5
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-poppler-0.18",
"binary_version": "0.62.0-2ubuntu2.14+esm6"
},
{
"binary_name": "libpoppler-cpp-dev",
"binary_version": "0.62.0-2ubuntu2.14+esm6"
},
{
"binary_name": "libpoppler-cpp0v5",
"binary_version": "0.62.0-2ubuntu2.14+esm6"
},
{
"binary_name": "libpoppler-dev",
"binary_version": "0.62.0-2ubuntu2.14+esm6"
},
{
"binary_name": "libpoppler-glib-dev",
"binary_version": "0.62.0-2ubuntu2.14+esm6"
},
{
"binary_name": "libpoppler-glib8",
"binary_version": "0.62.0-2ubuntu2.14+esm6"
},
{
"binary_name": "libpoppler-private-dev",
"binary_version": "0.62.0-2ubuntu2.14+esm6"
},
{
"binary_name": "libpoppler-qt5-1",
"binary_version": "0.62.0-2ubuntu2.14+esm6"
},
{
"binary_name": "libpoppler-qt5-dev",
"binary_version": "0.62.0-2ubuntu2.14+esm6"
},
{
"binary_name": "libpoppler73",
"binary_version": "0.62.0-2ubuntu2.14+esm6"
},
{
"binary_name": "poppler-utils",
"binary_version": "0.62.0-2ubuntu2.14+esm6"
}
]
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2025-43903",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
Ubuntu:20.04:LTS / poppler
Package
- Name
- poppler
- Purl
- pkg:deb/ubuntu/poppler@0.86.1-0ubuntu1.7?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.86.1-0ubuntu1.7
Affected versions
0.*
0.80.0-0ubuntu1
0.80.0-0ubuntu3
0.80.0-0ubuntu4
0.80.0-0ubuntu5
0.85.0-1ubuntu1
0.85.0-1ubuntu3
0.86.1-0ubuntu1
0.86.1-0ubuntu1.1
0.86.1-0ubuntu1.2
0.86.1-0ubuntu1.3
0.86.1-0ubuntu1.4
0.86.1-0ubuntu1.5
0.86.1-0ubuntu1.6
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-poppler-0.18",
"binary_version": "0.86.1-0ubuntu1.7"
},
{
"binary_name": "libpoppler-cpp-dev",
"binary_version": "0.86.1-0ubuntu1.7"
},
{
"binary_name": "libpoppler-cpp0v5",
"binary_version": "0.86.1-0ubuntu1.7"
},
{
"binary_name": "libpoppler-dev",
"binary_version": "0.86.1-0ubuntu1.7"
},
{
"binary_name": "libpoppler-glib-dev",
"binary_version": "0.86.1-0ubuntu1.7"
},
{
"binary_name": "libpoppler-glib8",
"binary_version": "0.86.1-0ubuntu1.7"
},
{
"binary_name": "libpoppler-private-dev",
"binary_version": "0.86.1-0ubuntu1.7"
},
{
"binary_name": "libpoppler-qt5-1",
"binary_version": "0.86.1-0ubuntu1.7"
},
{
"binary_name": "libpoppler-qt5-dev",
"binary_version": "0.86.1-0ubuntu1.7"
},
{
"binary_name": "libpoppler97",
"binary_version": "0.86.1-0ubuntu1.7"
},
{
"binary_name": "poppler-utils",
"binary_version": "0.86.1-0ubuntu1.7"
}
]
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2025-43903",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
Ubuntu:22.04:LTS / poppler
Package
- Name
- poppler
- Purl
- pkg:deb/ubuntu/poppler@22.02.0-2ubuntu0.8?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed22.02.0-2ubuntu0.8
Affected versions
21.*
21.06.1-1
21.11.0-1~ubuntu2
22.*
22.02.0-2
22.02.0-2ubuntu0.1
22.02.0-2ubuntu0.2
22.02.0-2ubuntu0.3
22.02.0-2ubuntu0.4
22.02.0-2ubuntu0.5
22.02.0-2ubuntu0.6
22.02.0-2ubuntu0.7
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-poppler-0.18",
"binary_version": "22.02.0-2ubuntu0.8"
},
{
"binary_name": "libpoppler-cpp-dev",
"binary_version": "22.02.0-2ubuntu0.8"
},
{
"binary_name": "libpoppler-cpp0v5",
"binary_version": "22.02.0-2ubuntu0.8"
},
{
"binary_name": "libpoppler-dev",
"binary_version": "22.02.0-2ubuntu0.8"
},
{
"binary_name": "libpoppler-glib-dev",
"binary_version": "22.02.0-2ubuntu0.8"
},
{
"binary_name": "libpoppler-glib8",
"binary_version": "22.02.0-2ubuntu0.8"
},
{
"binary_name": "libpoppler-private-dev",
"binary_version": "22.02.0-2ubuntu0.8"
},
{
"binary_name": "libpoppler-qt5-1",
"binary_version": "22.02.0-2ubuntu0.8"
},
{
"binary_name": "libpoppler-qt5-dev",
"binary_version": "22.02.0-2ubuntu0.8"
},
{
"binary_name": "libpoppler118",
"binary_version": "22.02.0-2ubuntu0.8"
},
{
"binary_name": "poppler-utils",
"binary_version": "22.02.0-2ubuntu0.8"
}
]
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2025-43903",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
Ubuntu:24.04:LTS / poppler
Package
- Name
- poppler
- Purl
- pkg:deb/ubuntu/poppler@24.02.0-1ubuntu9.4?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed24.02.0-1ubuntu9.4
Affected versions
23.*
23.08.0-2ubuntu1
23.12.0-1ubuntu2
24.*
24.02.0-1ubuntu2
24.02.0-1ubuntu8
24.02.0-1ubuntu9
24.02.0-1ubuntu9.1
24.02.0-1ubuntu9.2
24.02.0-1ubuntu9.3
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-poppler-0.18",
"binary_version": "24.02.0-1ubuntu9.4"
},
{
"binary_name": "libpoppler-cpp-dev",
"binary_version": "24.02.0-1ubuntu9.4"
},
{
"binary_name": "libpoppler-cpp0t64",
"binary_version": "24.02.0-1ubuntu9.4"
},
{
"binary_name": "libpoppler-dev",
"binary_version": "24.02.0-1ubuntu9.4"
},
{
"binary_name": "libpoppler-glib-dev",
"binary_version": "24.02.0-1ubuntu9.4"
},
{
"binary_name": "libpoppler-glib8t64",
"binary_version": "24.02.0-1ubuntu9.4"
},
{
"binary_name": "libpoppler-private-dev",
"binary_version": "24.02.0-1ubuntu9.4"
},
{
"binary_name": "libpoppler-qt5-1t64",
"binary_version": "24.02.0-1ubuntu9.4"
},
{
"binary_name": "libpoppler-qt5-dev",
"binary_version": "24.02.0-1ubuntu9.4"
},
{
"binary_name": "libpoppler-qt6-3t64",
"binary_version": "24.02.0-1ubuntu9.4"
},
{
"binary_name": "libpoppler-qt6-dev",
"binary_version": "24.02.0-1ubuntu9.4"
},
{
"binary_name": "libpoppler134",
"binary_version": "24.02.0-1ubuntu9.4"
},
{
"binary_name": "poppler-utils",
"binary_version": "24.02.0-1ubuntu9.4"
}
]
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2025-43903",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
Ubuntu:25.04 / poppler
Package
- Name
- poppler
- Purl
- pkg:deb/ubuntu/poppler@25.03.0-3ubuntu1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25.03.0-3ubuntu1
Affected versions
24.*
24.08.0-1
24.08.0-3
25.*
25.01.0-1
25.01.0-2
25.01.0-3
25.01.0-4
25.01.0-5
25.03.0-2
25.03.0-3
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-poppler-0.18",
"binary_version": "25.03.0-3ubuntu1"
},
{
"binary_name": "libpoppler-cpp-dev",
"binary_version": "25.03.0-3ubuntu1"
},
{
"binary_name": "libpoppler-cpp2",
"binary_version": "25.03.0-3ubuntu1"
},
{
"binary_name": "libpoppler-dev",
"binary_version": "25.03.0-3ubuntu1"
},
{
"binary_name": "libpoppler-glib-dev",
"binary_version": "25.03.0-3ubuntu1"
},
{
"binary_name": "libpoppler-glib8t64",
"binary_version": "25.03.0-3ubuntu1"
},
{
"binary_name": "libpoppler-private-dev",
"binary_version": "25.03.0-3ubuntu1"
},
{
"binary_name": "libpoppler-qt5-1t64",
"binary_version": "25.03.0-3ubuntu1"
},
{
"binary_name": "libpoppler-qt5-dev",
"binary_version": "25.03.0-3ubuntu1"
},
{
"binary_name": "libpoppler-qt6-3t64",
"binary_version": "25.03.0-3ubuntu1"
},
{
"binary_name": "libpoppler-qt6-dev",
"binary_version": "25.03.0-3ubuntu1"
},
{
"binary_name": "libpoppler147",
"binary_version": "25.03.0-3ubuntu1"
},
{
"binary_name": "poppler-utils",
"binary_version": "25.03.0-3ubuntu1"
}
]
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2025-43903",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:25.04"
}