CVE-2018-18688

Published Jan 7, 2021

Last updated 5 days ago

CVSS medium 5.3

Overview

Description: The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-347

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:code-industry:master_pdf_editor:5.1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E15C7D9-4587-4C0B-8E97-F2967C345164"
          },
          {
            "criteria": "cpe:2.3:a:code-industry:master_pdf_editor:5.1.68:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DB1198D-3C50-4112-8FBD-80BAEC085962"
          },
          {
            "criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8205B855-D8D6-44AB-99F8-B9773854F3CD"
          },
          {
            "criteria": "cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE7DA80D-4E97-442A-9C55-43E579C54E9E",
            "versionEndExcluding": "9.4",
            "versionStartIncluding": "9.0"
          },
          {
            "criteria": "cpe:2.3:a:foxitsoftware:phantompdf:8.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B951C818-618B-4E28-8882-64083FD31F08"
          },
          {
            "criteria": "cpe:2.3:a:gonitro:nitro_pro:11.0.3.173:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DFA95E4-9780-4B0A-9996-95A257C8DE99"
          },
          {
            "criteria": "cpe:2.3:a:gonitro:nitro_reader:5.5.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B0A3796-4436-4706-A25C-04745B10D6DC"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdf_editor_6:6.4.2.3521:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9796785E-F5A4-4EB9-AE4C-3296449F0A27"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdfelement6:6.8.0.3523:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6FE27B0-5187-441A-8824-211838C71F3D"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdfelement6:6.8.4.3921:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "950C35B2-1B7F-495F-9947-0E992329954B"
          },
          {
            "criteria": "cpe:2.3:a:libreoffice:libreoffice:6.0.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3CC1399-3DEF-4385-8B71-3F11DA88F331"
          },
          {
            "criteria": "cpe:2.3:a:libreoffice:libreoffice:6.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "699BE7A2-190A-43AC-9C63-4C8484FA465C"
          },
          {
            "criteria": "cpe:2.3:a:nuance:power_pdf_standard:3.0.0.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "231818D4-C87B-4B0E-9ADD-B1332B92273D"
          },
          {
            "criteria": "cpe:2.3:a:nuance:power_pdf_standard:3.0.0.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8E33DF5-2430-4AFC-A725-08FBD20C6749"
          },
          {
            "criteria": "cpe:2.3:a:nuance:power_pdf_standard:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D8BE4D0-7106-47CA-9ADB-F4350CE2A527"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio:12.0.7:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8944C809-795C-4F8F-A593-988B529F08B0"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio_viewer_2018:2018.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F47F57CB-769C-4ED3-91A4-D6489A8DD432"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio_viewer_2018:2018.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0F12D65-A39B-4F36-A219-1AEDD968C9D9"
          },
          {
            "criteria": "cpe:2.3:a:soft-xpansion:perfect_pdf_10:10.0.0.1:*:*:*:premium:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F094FAF3-15CB-4481-9B86-61EABB82AAF6"
          },
          {
            "criteria": "cpe:2.3:a:soft-xpansion:perfect_pdf_reader:13.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4F28BFA-F77A-4282-AA60-E25436AF98D1"
          },
          {
            "criteria": "cpe:2.3:a:soft-xpansion:perfect_pdf_reader:13.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E808A140-D375-4BE2-9EF1-4A17634ADAC2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:code-industry:master_pdf_editor:5.1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E15C7D9-4587-4C0B-8E97-F2967C345164"
          },
          {
            "criteria": "cpe:2.3:a:code-industry:master_pdf_editor:5.1.68:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DB1198D-3C50-4112-8FBD-80BAEC085962"
          },
          {
            "criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:9.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07844440-3F26-40E1-A747-4642FBA9A9FA"
          },
          {
            "criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:9.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B8E8F6D-8560-42D6-AED5-91D0570A4A13"
          },
          {
            "criteria": "cpe:2.3:a:libreoffice:libreoffice:6.0.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3CC1399-3DEF-4385-8B71-3F11DA88F331"
          },
          {
            "criteria": "cpe:2.3:a:libreoffice:libreoffice:6.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "699BE7A2-190A-43AC-9C63-4C8484FA465C"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio:12.0.7:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8944C809-795C-4F8F-A593-988B529F08B0"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio_viewer_2018:2018.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F47F57CB-769C-4ED3-91A4-D6489A8DD432"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio_viewer_2018:2018.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0F12D65-A39B-4F36-A219-1AEDD968C9D9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:code-industry:master_pdf_editor:5.1.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B32744C-FC60-4E12-AF11-69D146A7F6A6"
          },
          {
            "criteria": "cpe:2.3:a:code-industry:master_pdf_editor:5.1.68:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DB1198D-3C50-4112-8FBD-80BAEC085962"
          },
          {
            "criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:9.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07844440-3F26-40E1-A747-4642FBA9A9FA"
          },
          {
            "criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:9.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B8E8F6D-8560-42D6-AED5-91D0570A4A13"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdf_editor_6:6.6.2.3315:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80241CB1-3BC7-4572-92A4-E348C50FAE9A"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdf_editor_6:6.7.6.3399:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8336F6DF-0677-4AED-B062-0E7957A7A293"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdfelement6:6.7.1.3355:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D3941F4-B294-4E22-A6FF-CF3085DF6C89"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdfelement6:6.7.6.3399:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A3DB79B-12A7-4E55-9499-36EED6688382"
          },
          {
            "criteria": "cpe:2.3:a:libreoffice:libreoffice:6.1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0657DEE-5DB0-487A-BA8F-7341C5004700"
          },
          {
            "criteria": "cpe:2.3:a:libreoffice:libreoffice:6.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "699BE7A2-190A-43AC-9C63-4C8484FA465C"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio:12.0.7:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8944C809-795C-4F8F-A593-988B529F08B0"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio_viewer_2018:2018.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F47F57CB-769C-4ED3-91A4-D6489A8DD432"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio_viewer_2018:2018.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0F12D65-A39B-4F36-A219-1AEDD968C9D9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References