MidnightBSD

Advisories for avanquest

CVE-2018-18689 MEDIUM

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
pdfforge pdf_architect 6.0.37
iskysoft pdf_editor_6 6.6.2.3315
sodapdf soda_pdf_desktop 10.2.16.1217
soft-xpansion perfect_pdf_reader 13.0.3
tracker-software pdf-xchange_viewer 2.5
foxitsoftware foxit_reader 9.1.0
sodapdf soda_pdf_desktop 10.2.09
iskysoft pdf_editor_6 6.4.2.3521
pdf-xchange pdf-xchange_editor 7.0.326
foxitsoftware foxit_reader 9.2.0
foxitsoftware foxit_reader 9.3.0.10826
qoppa pdf_studio_viewer_2018 2018.0.1
iskysoft pdfelement6 6.7.1.3355
soft-xpansion perfect_pdf_reader 13.1.5
iskysoft pdfelement6 6.8.0.3523
gonitro nitro_reader 5.5.9.2
soft-xpansion perfect_pdf_10 10.0.0.1
iskysoft pdfelement6 6.8.4.3921
iskysoft pdfelement6 6.7.6.3399
pdfforge pdf_architect 6.1.24.1862
sodapdf soda_pdf 9.3.17
avanquest expert_pdf_ultimate 12.0.20
foxitsoftware foxit_reader 9.2.0.9297
visagesoft expert_pdf_reader 9.0.180
iskysoft pdf_editor_6 6.7.6.3399
qoppa pdf_studio_viewer_2018 2018.2.0
gonitro nitro_pro 11.0.3.173
qoppa pdf_studio 12.0.7
pdf-xchange pdf-xchange_editor 7.0.237.1
avanquest pdf_experte_ultimate 9.0.270
CVE-2022-30350

Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a "white out" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying text or PDF object specification information from the PDF. As a result, for example, redacted text may be copy-pasted by a PDF reader.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
avanquest pdfescape 3.19.2.2
CVE-2025-60865

Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component.

Products Affected

Vendor Product Version
avanquest pc_helpsoft_driver_updater 9.1.57803.1174