CVE-2018-18689
Summary
| CVE | CVE-2018-18689 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-01-07 18:15:00 UTC |
| Updated | 2021-01-15 17:07:00 UTC |
| Description | The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop. |
Risk And Classification
Problem Types: CWE-347
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Macos | - | All | All | All |
| Application | Avanquest | Expert Pdf Ultimate | 12.0.20 | All | All | All |
| Application | Avanquest | Pdf Experte Ultimate | 9.0.270 | All | All | All |
| Application | Foxitsoftware | Foxit Reader | 9.1.0 | All | All | All |
| Application | Foxitsoftware | Foxit Reader | 9.2.0 | All | All | All |
| Application | Foxitsoftware | Foxit Reader | 9.2.0.9297 | All | All | All |
| Application | Foxitsoftware | Foxit Reader | 9.3.0.10826 | All | All | All |
| Application | Gonitro | Nitro Pro | 11.0.3.173 | All | All | All |
| Application | Gonitro | Nitro Reader | 5.5.9.2 | All | All | All |
| Application | Iskysoft | Pdfelement6 | 6.7.1.3355 | All | All | All |
| Application | Iskysoft | Pdfelement6 | 6.7.6.3399 | All | All | All |
| Application | Iskysoft | Pdfelement6 | 6.8.0.3523 | All | All | All |
| Application | Iskysoft | Pdfelement6 | 6.8.4.3921 | All | All | All |
| Application | Iskysoft | Pdf Editor 6 | 6.4.2.3521 | All | All | All |
| Application | Iskysoft | Pdf Editor 6 | 6.6.2.3315 | All | All | All |
| Application | Iskysoft | Pdf Editor 6 | 6.7.6.3399 | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
| Application | Pdfforge | Pdf Architect | 6.0.37 | All | All | All |
| Application | Pdfforge | Pdf Architect | 6.1.24.1862 | All | All | All |
| Application | Qoppa | Pdf Studio | 12.0.7 | All | All | All |
| Application | Qoppa | Pdf Studio Viewer 2018 | 2018.0.1 | All | All | All |
| Application | Qoppa | Pdf Studio Viewer 2018 | 2018.2.0 | All | All | All |
| Application | Sodapdf | Soda Pdf | 9.3.17 | All | All | All |
| Application | Sodapdf | Soda Pdf Desktop | 10.2.09 | All | All | All |
| Application | Sodapdf | Soda Pdf Desktop | 10.2.16.1217 | All | All | All |
| Application | Soft-xpansion | Perfect Pdf 10 | 10.0.0.1 | All | All | All |
| Application | Soft-xpansion | Perfect Pdf Reader | 13.0.3 | All | All | All |
| Application | Soft-xpansion | Perfect Pdf Reader | 13.1.5 | All | All | All |
| Application | Tracker-software | Pdf-xchange Editor | 7.0.237.1 | All | All | All |
| Application | Tracker-software | Pdf-xchange Editor | 7.0.326 | All | All | All |
| Application | Tracker-software | Pdf-xchange Viewer | 2.5 | All | All | All |
| Application | Visagesoft | Expert Pdf Reader | 9.0.180 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Bulletins \| Foxit Software | CONFIRM | www.foxitsoftware.com | Vendor Advisory |
| pdf-insecurity.org – signature | MISC | pdf-insecurity.org | Third Party Advisory |
| Recently identified PDF digital signature vulnerabilities \| PDF Association | MISC | www.pdfa.org | Third Party Advisory |
| PDF Insecurity Website | MISC | pdf-insecurity.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 376809 Foxit PhantomPDF Prior to 8.3.9 Multiple Security Vulnerabilities