- Vulnerability/
- USN-7471-1
USN-7471-1: poppler vulnerabilities
First published: Tue Apr 29 2025(Updated: )
It was discovered that poppler did not properly verify adbe.pkcs7.sha1 signatures in PDF documents. An attacker could possibly use this issue to create documents with forged signatures that are treated as legitimately signed.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libpoppler147 | <25.03.0-3ubuntu1 | 25.03.0-3ubuntu1 |
| Ubuntu | =25.04 | |
| All of | ||
| ubuntu/poppler-utils | <25.03.0-3ubuntu1 | 25.03.0-3ubuntu1 |
| Ubuntu | =25.04 | |
| All of | ||
| ubuntu/libpoppler140 | <24.08.0-1ubuntu0.3 | 24.08.0-1ubuntu0.3 |
| Ubuntu | =24.10 | |
| All of | ||
| ubuntu/poppler-utils | <24.08.0-1ubuntu0.3 | 24.08.0-1ubuntu0.3 |
| Ubuntu | =24.10 | |
| All of | ||
| ubuntu/libpoppler134 | <24.02.0-1ubuntu9.4 | 24.02.0-1ubuntu9.4 |
| Ubuntu | =24.04 | |
| All of | ||
| ubuntu/poppler-utils | <24.02.0-1ubuntu9.4 | 24.02.0-1ubuntu9.4 |
| Ubuntu | =24.04 | |
| All of | ||
| ubuntu/libpoppler118 | <22.02.0-2ubuntu0.8 | 22.02.0-2ubuntu0.8 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/poppler-utils | <22.02.0-2ubuntu0.8 | 22.02.0-2ubuntu0.8 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/libpoppler97 | <0.86.1-0ubuntu1.7 | 0.86.1-0ubuntu1.7 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/poppler-utils | <0.86.1-0ubuntu1.7 | 0.86.1-0ubuntu1.7 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/libpoppler73 | <0.62.0-2ubuntu2.14+esm6 | 0.62.0-2ubuntu2.14+esm6 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/poppler-utils | <0.62.0-2ubuntu2.14+esm6 | 0.62.0-2ubuntu2.14+esm6 |
| Ubuntu | =18.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2025-43903
- https://launchpad.net/ubuntu/+source/poppler/25.03.0-3ubuntu1
- https://launchpad.net/ubuntu/+source/poppler/24.08.0-1ubuntu0.3
- https://launchpad.net/ubuntu/+source/poppler/24.02.0-1ubuntu9.4
- https://launchpad.net/ubuntu/+source/poppler/22.02.0-2ubuntu0.8
- https://launchpad.net/ubuntu/+source/poppler/0.86.1-0ubuntu1.7
- https://ubuntu.com/security/notices/USN-7471-1 (Advisory)
Frequently Asked Questions
What is the severity of USN-7471-1?
The severity of USN-7471-1 is considered high due to the potential for forged signatures in PDF documents.
How do I fix USN-7471-1?
To fix USN-7471-1, update to the recommended package versions of libpoppler147 or poppler-utils as specified in the advisory.
What software is affected by USN-7471-1?
USN-7471-1 affects various versions of the poppler library and related utilities used in Ubuntu.
Is my system vulnerable to USN-7471-1?
Systems running the affected versions of poppler or libpoppler are vulnerable to USN-7471-1.
When was USN-7471-1 released?
USN-7471-1 was released to address the vulnerability in the poppler library.
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/references
- agent/source
- agent/title
- agent/softwarecombine
- agent/description
- agent/tags
- agent/type
- agent/first-publish-date
- agent/event
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/25.04
- version/ubuntu/24.10
- version/ubuntu/24.04
- version/ubuntu/22.04
- version/ubuntu/20.04
- version/ubuntu/18.04