In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
This issue only affects applications compiled against NSS which use CMS (Cryptographic Message Syntax) API. Other applications are not affected.