Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 25.04: 7471-1 moderate: poppler forged signature issue

ubuntu
Calendar Grey April 29, 2025
Dist Ubuntu Esm H88
Enhance your Ubuntu operating environment by ensuring that poppler does not permit the acceptance of falsified document signatures.
poppler could be made to treat documents with forged signatures as legitimately signed.

Summary

poppler could be made to treat documents with forged signatures as

legitimately signed.

Software Description:

- poppler: PDF rendering library

Details:

It was discovered that poppler did not properly verify adbe.pkcs7.sha1

signatures in PDF documents. An attacker could possibly use this issue

to create documents with forged signatures that are treated as

legitimately signed.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
   libpoppler147                   25.03.0-3ubuntu1
   poppler-utils                   25.03.0-3ubuntu1

Ubuntu 24.10
   libpoppler140                   24.08.0-1ubuntu0.3
   poppler-utils                   24.08.0-1ubuntu0.3

Ubuntu 24.04 LTS
   libpoppler134                   24.02.0-1ubuntu9.4
   poppler-utils                   24.02.0-1ubuntu9.4

Ubuntu 22.04 LTS
   libpoppler118                   22.02.0-2ubuntu0.8
   poppler-utils                   22.02.0-2ubuntu0.8

Ubuntu 20.04 LTS
   libpoppler97                    0.86.1-0ubuntu1.7
   poppler-utils                   0.86.1-0ubuntu1.7

Ubuntu 18.04 LTS
   libpoppler73                    0.62.0-2ubuntu2.14+esm6
                                   Available with Ubuntu Pro
   poppler-utils                   0.62.0-2ubuntu2.14+esm6
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7471-1

  CVE-2025-43903

Ubuntu Security Notice USN-7471-1

Package Information

  https://launchpad.net/ubuntu/+source/poppler/25.03.0-3ubuntu1
  https://launchpad.net/ubuntu/+source/poppler/24.08.0-1ubuntu0.3
  https://launchpad.net/ubuntu/+source/poppler/24.02.0-1ubuntu9.4
  https://launchpad.net/ubuntu/+source/poppler/22.02.0-2ubuntu0.8
  https://launchpad.net/ubuntu/+source/poppler/0.86.1-0ubuntu1.7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here