MidnightBSD

Advisories for iskysoft

CVE-2018-16042 MEDIUM

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier versions, 2017.011.30105 and earlier versions, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347

Products Affected

Vendor Product Version
adobe reader 11.0.23
iskysoft pdf_editor_6 6.7.6.3399
iskysoft pdfelement6 6.8.4.3921
iskysoft pdf_editor_6 6.6.2.3315
adobe acrobat_reader_dc *
iskysoft pdfelement6 6.7.6.3399
iskysoft pdf_editor_6 6.4.2.3521
iskysoft pdfelement6 6.7.1.3355
adobe reader 11.0.10
adobe acrobat_dc *
iskysoft pdfelement6 6.8.0.3523

CVE-2018-18688 MEDIUM

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347

Products Affected

Vendor Product Version
iskysoft pdfelement6 6.8.4.3921
libreoffice libreoffice 6.1.0.3
libreoffice libreoffice 6.1.3.2
code-industry master_pdf_editor 5.1.24
iskysoft pdfelement6 6.8.0.3523
iskysoft pdf_editor_6 6.6.2.3315
nuance power_pdf_standard 3.0.0.30
libreoffice libreoffice 6.0.6.2
gonitro nitro_pro 11.0.3.173
iskysoft pdf_editor_6 6.4.2.3521
foxitsoftware phantompdf 8.3.9
qoppa pdf_studio_viewer_2018 2018.2.0
nuance power_pdf_standard 7.0
qoppa pdf_studio_viewer_2018 2018.0.1
foxitsoftware foxit_reader 9.1.0
foxitsoftware foxit_reader 9.4
soft-xpansion perfect_pdf_10 10.0.0.1
nuance power_pdf_standard 3.0.0.17
foxitsoftware foxit_reader 9.2.0
gonitro nitro_reader 5.5.9.2
soft-xpansion perfect_pdf_reader 13.1.5
iskysoft pdf_editor_6 6.7.6.3399
code-industry master_pdf_editor 5.1.12
qoppa pdf_studio 12.0.7
iskysoft pdfelement6 6.7.6.3399
foxitsoftware phantompdf *
soft-xpansion perfect_pdf_reader 13.0.3
iskysoft pdfelement6 6.7.1.3355
code-industry master_pdf_editor 5.1.68

CVE-2018-18689 MEDIUM

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347

Products Affected

Vendor Product Version
iskysoft pdfelement6 6.8.4.3921
visagesoft expert_pdf_reader 9.0.180
iskysoft pdfelement6 6.8.0.3523
iskysoft pdf_editor_6 6.6.2.3315
gonitro nitro_pro 11.0.3.173
tracker-software pdf-xchange_viewer 2.5
pdf-xchange pdf-xchange_editor 7.0.237.1
iskysoft pdf_editor_6 6.4.2.3521
pdfforge pdf_architect 6.0.37
pdf-xchange pdf-xchange_editor 7.0.326
qoppa pdf_studio_viewer_2018 2018.2.0
pdfforge pdf_architect 6.1.24.1862
qoppa pdf_studio_viewer_2018 2018.0.1
foxitsoftware foxit_reader 9.1.0
soft-xpansion perfect_pdf_10 10.0.0.1
foxitsoftware foxit_reader 9.2.0
gonitro nitro_reader 5.5.9.2
avanquest expert_pdf_ultimate 12.0.20
avanquest pdf_experte_ultimate 9.0.270
foxitsoftware foxit_reader 9.3.0.10826
sodapdf soda_pdf_desktop 10.2.09
soft-xpansion perfect_pdf_reader 13.1.5
iskysoft pdf_editor_6 6.7.6.3399
qoppa pdf_studio 12.0.7
sodapdf soda_pdf_desktop 10.2.16.1217
iskysoft pdfelement6 6.7.6.3399
sodapdf soda_pdf 9.3.17
soft-xpansion perfect_pdf_reader 13.0.3
iskysoft pdfelement6 6.7.1.3355
foxitsoftware foxit_reader 9.2.0.9297