← Back

CVE-2018-18689

nvd nist
Published: Jan 7, 2021Modified: Nov 27, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.

Affected (30)

Show all products
Avanquest: Expert Pdf Ultimate, Pdf Experte Ultimate · Foxitsoftware: Foxit Reader · Gonitro: Nitro Pro, Nitro Reader · Iskysoft: Pdf Editor 6, Pdfelement6 · Pdf Xchange: Pdf Xchange Editor · Pdfforge: Pdf Architect · Sodapdf: Soda Pdf, Soda Pdf Desktop · Soft Xpansion: Perfect Pdf 10, Perfect Pdf Reader · Tracker Software: Pdf Xchange Viewer · Visagesoft: Expert Pdf Reader · Qoppa: Pdf Studio, Pdf Studio Viewer 2018
Avanquest
2 products
Expert Pdf Ultimate
Pdf Experte Ultimate
Foxitsoftware
1 product
Foxit Reader
Gonitro
2 products
Nitro Pro
Nitro Reader
Iskysoft
2 products
Pdf Editor 6
Pdfelement6
Pdf Xchange
1 product
Pdf Xchange Editor
Pdfforge
1 product
Pdf Architect
Sodapdf
2 products
Soda Pdf
Soda Pdf Desktop
Soft Xpansion
2 products
Perfect Pdf 10
Perfect Pdf Reader
Tracker Software
1 product
Pdf Xchange Viewer
Visagesoft
1 product
Expert Pdf Reader
Qoppa
2 products
Pdf Studio
Pdf Studio Viewer 2018
Configuration A
21 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Expert Pdf Ultimate
Version 12.0.20
Pdf Experte Ultimate
Version 9.0.270
Foxitsoftware
Foxit Reader
Version 9.2.0.9297
Foxit Reader
Version 9.3.0.10826
Nitro Pro
Version 11.0.3.173
Nitro Reader
Version 5.5.9.2
Pdf Editor 6
Version 6.4.2.3521
Iskysoft
Pdfelement6
Version 6.8.0.3523
Pdfelement6
Version 6.8.4.3921
Pdf Xchange
Pdf Xchange Editor
Version 7.0.237.1
Pdf Xchange Editor
Version 7.0.326
Pdfforge
Pdf Architect
Version 6.0.37
Pdf Architect
Version 6.1.24.1862
Soda Pdf
Version 9.3.17
Sodapdf
Soda Pdf Desktop
Version 10.2.09
Soda Pdf Desktop
Version 10.2.16.1217
Perfect Pdf 10
Version 10.0.0.1
Soft Xpansion
Perfect Pdf Reader
Version 13.0.3
Perfect Pdf Reader
Version 13.1.5
Pdf Xchange Viewer
Version 2.5
Expert Pdf Reader
Version 9.0.180
Running on/withPlatform Versions
Microsoft
Windows
All versions
Configuration B
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Iskysoft
Pdf Editor 6
Version 6.6.2.3315
Pdf Editor 6
Version 6.7.6.3399
Iskysoft
Pdfelement6
Version 6.7.1.3355
Pdfelement6
Version 6.7.6.3399
Running on/withPlatform Versions
Apple
Macos
All versions
Configuration C
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Foxitsoftware
Foxit Reader
Version 9.1.0
Foxit Reader
Version 9.2.0
Pdf Studio
Version 12.0.7
Qoppa
Pdf Studio Viewer 2018
Version 2018.0.1
Pdf Studio Viewer 2018
Version 2018.2.0
Running on/withPlatform Versions
Linux
Linux Kernel
All versions

Related CWEs

CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (8)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.