← Back

CVE-2018-18688

nvd nist
Published: Jan 7, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.

Affected (29)

Show all products
Foxitsoftware: Foxit Reader, Phantompdf · Gonitro: Nitro Pro, Nitro Reader · Iskysoft: Pdf Editor 6, Pdfelement6 · Nuance: Power Pdf Standard · Soft Xpansion: Perfect Pdf 10, Perfect Pdf Reader · Code Industry: Master Pdf Editor · Libreoffice: Libreoffice · Qoppa: Pdf Studio, Pdf Studio Viewer 2018
Foxitsoftware
2 products
Foxit Reader
Phantompdf
Gonitro
2 products
Nitro Pro
Nitro Reader
Iskysoft
2 products
Pdf Editor 6
Pdfelement6
Nuance
1 product
Power Pdf Standard
Soft Xpansion
2 products
Perfect Pdf 10
Perfect Pdf Reader
Code Industry
1 product
Master Pdf Editor
Libreoffice
1 product
Libreoffice
Qoppa
2 products
Pdf Studio
Pdf Studio Viewer 2018
Configuration A
14 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Foxit Reader
Version 9.4
Foxitsoftware
Phantompdf
From 9.0 to 9.4
Phantompdf
Version 8.3.9
Nitro Pro
Version 11.0.3.173
Nitro Reader
Version 5.5.9.2
Pdf Editor 6
Version 6.4.2.3521
Iskysoft
Pdfelement6
Version 6.8.0.3523
Pdfelement6
Version 6.8.4.3921
Nuance
Power Pdf Standard
Version 3.0.0.17
Power Pdf Standard
Version 3.0.0.30
Power Pdf Standard
Version 7.0
Perfect Pdf 10
Version 10.0.0.1
Soft Xpansion
Perfect Pdf Reader
Version 13.0.3
Perfect Pdf Reader
Version 13.1.5
Running on/withPlatform Versions
Microsoft
Windows
All versions
Configuration B
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Master Pdf Editor
Version 5.1.12
Libreoffice
Version 6.0.6.2
Running on/withPlatform Versions
Linux
Linux Kernel
All versions
Configuration C
13 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Code Industry
Master Pdf Editor
Version 5.1.24
Master Pdf Editor
Version 5.1.68
Foxitsoftware
Foxit Reader
Version 9.1.0
Foxit Reader
Version 9.2.0
Iskysoft
Pdf Editor 6
Version 6.6.2.3315
Pdf Editor 6
Version 6.7.6.3399
Iskysoft
Pdfelement6
Version 6.7.1.3355
Pdfelement6
Version 6.7.6.3399
Libreoffice
Libreoffice
Version 6.1.0.3
Libreoffice
Version 6.1.3.2
Pdf Studio
Version 12.0.7
Qoppa
Pdf Studio Viewer 2018
Version 2018.0.1
Pdf Studio Viewer 2018
Version 2018.2.0
Running on/withPlatform Versions
Apple
Macos
All versions

Related CWEs

CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (8)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.