MidnightBSD

Advisories for nuance

CVE-2013-0113 HIGH

Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nuance pdf_reader 7.0
nuance pdf_reader_plus 7.1
CVE-2013-0732 HIGH

Heap-based buffer overflow in PDFCore8.dll in Nuance PDF Reader before 8.1 allows remote attackers to execute arbitrary code via crafted font table directory values in a TTF file, related to naming table entries.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nuance pdf_reader 6.0
nuance pdf_reader *
CVE-2018-18688 MEDIUM

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
qoppa pdf_studio 12.0.7
iskysoft pdfelement6 6.7.6.3399
code-industry master_pdf_editor 5.1.12
libreoffice libreoffice 6.1.0.3
foxitsoftware phantompdf *
iskysoft pdfelement6 6.8.4.3921
foxitsoftware phantompdf 8.3.9
nuance power_pdf_standard 3.0.0.17
iskysoft pdf_editor_6 6.6.2.3315
iskysoft pdfelement6 6.7.1.3355
soft-xpansion perfect_pdf_10 10.0.0.1
libreoffice libreoffice 6.0.6.2
iskysoft pdf_editor_6 6.7.6.3399
foxitsoftware foxit_reader 9.4
soft-xpansion perfect_pdf_reader 13.0.3
iskysoft pdfelement6 6.8.0.3523
qoppa pdf_studio_viewer_2018 2018.2.0
code-industry master_pdf_editor 5.1.24
nuance power_pdf_standard 7.0
nuance power_pdf_standard 3.0.0.30
gonitro nitro_reader 5.5.9.2
libreoffice libreoffice 6.1.3.2
qoppa pdf_studio_viewer_2018 2018.0.1
soft-xpansion perfect_pdf_reader 13.1.5
foxitsoftware foxit_reader 9.1.0
gonitro nitro_pro 11.0.3.173
code-industry master_pdf_editor 5.1.68
iskysoft pdf_editor_6 6.4.2.3521
foxitsoftware foxit_reader 9.2.0
CVE-2021-37599 HIGH

The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code in some situations) via the txtPassword parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
nuance winscribe_dictation 4.1.0.99