MidnightBSD

Advisories for visagesoft

CVE-2018-18689 MEDIUM

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
soft-xpansion perfect_pdf_10 10.0.0.1
sodapdf soda_pdf_desktop 10.2.09
pdfforge pdf_architect 6.0.37
pdf-xchange pdf-xchange_editor 7.0.326
iskysoft pdf_editor_6 6.7.6.3399
soft-xpansion perfect_pdf_reader 13.0.3
soft-xpansion perfect_pdf_reader 13.1.5
foxitsoftware foxit_reader 9.1.0
iskysoft pdf_editor_6 6.4.2.3521
visagesoft expert_pdf_reader 9.0.180
iskysoft pdf_editor_6 6.6.2.3315
qoppa pdf_studio 12.0.7
sodapdf soda_pdf 9.3.17
qoppa pdf_studio_viewer_2018 2018.0.1
avanquest expert_pdf_ultimate 12.0.20
avanquest pdf_experte_ultimate 9.0.270
sodapdf soda_pdf_desktop 10.2.16.1217
gonitro nitro_reader 5.5.9.2
foxitsoftware foxit_reader 9.2.0.9297
pdf-xchange pdf-xchange_editor 7.0.237.1
tracker-software pdf-xchange_viewer 2.5
gonitro nitro_pro 11.0.3.173
iskysoft pdfelement6 6.8.4.3921
pdfforge pdf_architect 6.1.24.1862
iskysoft pdfelement6 6.7.6.3399
foxitsoftware foxit_reader 9.3.0.10826
iskysoft pdfelement6 6.7.1.3355
iskysoft pdfelement6 6.8.0.3523
foxitsoftware foxit_reader 9.2.0
qoppa pdf_studio_viewer_2018 2018.2.0