MidnightBSD

Advisories for code-industry

CVE-2018-18688 MEDIUM

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
iskysoft pdf_editor_6 6.7.6.3399
foxitsoftware foxit_reader 9.1.0
soft-xpansion perfect_pdf_reader 13.1.5
code-industry master_pdf_editor 5.1.24
iskysoft pdf_editor_6 6.6.2.3315
foxitsoftware foxit_reader 9.4
qoppa pdf_studio_viewer_2018 2018.0.1
soft-xpansion perfect_pdf_10 10.0.0.1
libreoffice libreoffice 6.1.0.3
foxitsoftware phantompdf 8.3.9
iskysoft pdf_editor_6 6.4.2.3521
code-industry master_pdf_editor 5.1.12
gonitro nitro_reader 5.5.9.2
iskysoft pdfelement6 6.8.0.3523
libreoffice libreoffice 6.1.3.2
qoppa pdf_studio_viewer_2018 2018.2.0
nuance power_pdf_standard 3.0.0.30
foxitsoftware foxit_reader 9.2.0
qoppa pdf_studio 12.0.7
code-industry master_pdf_editor 5.1.68
iskysoft pdfelement6 6.7.6.3399
soft-xpansion perfect_pdf_reader 13.0.3
nuance power_pdf_standard 7.0
nuance power_pdf_standard 3.0.0.17
iskysoft pdfelement6 6.8.4.3921
gonitro nitro_pro 11.0.3.173
foxitsoftware phantompdf *
iskysoft pdfelement6 6.7.1.3355
libreoffice libreoffice 6.0.6.2