CVE-2018-18689

Published Jan 7, 2021

Last updated 5 days ago

CVSS medium 5.3

Overview

Description: The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-347

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:avanquest:expert_pdf_ultimate:12.0.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0998FDC0-7FC7-4A2C-993C-97BC76F27FBD"
          },
          {
            "criteria": "cpe:2.3:a:avanquest:pdf_experte_ultimate:9.0.270:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CACE318F-ADDC-4B2F-8080-686C7430D12C"
          },
          {
            "criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:9.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07844440-3F26-40E1-A747-4642FBA9A9FA"
          },
          {
            "criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:9.2.0.9297:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0777020-4D36-4651-84D8-561767558118"
          },
          {
            "criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:9.3.0.10826:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5DFC3EB-168B-43C9-8C83-6FED38A2D3B2"
          },
          {
            "criteria": "cpe:2.3:a:gonitro:nitro_pro:11.0.3.173:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DFA95E4-9780-4B0A-9996-95A257C8DE99"
          },
          {
            "criteria": "cpe:2.3:a:gonitro:nitro_reader:5.5.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B0A3796-4436-4706-A25C-04745B10D6DC"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdf_editor_6:6.4.2.3521:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9796785E-F5A4-4EB9-AE4C-3296449F0A27"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdfelement6:6.8.0.3523:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6FE27B0-5187-441A-8824-211838C71F3D"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdfelement6:6.8.4.3921:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "950C35B2-1B7F-495F-9947-0E992329954B"
          },
          {
            "criteria": "cpe:2.3:a:pdfforge:pdf_architect:6.0.37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AD75B84-647C-46A1-8A6B-E667FDA0FB60"
          },
          {
            "criteria": "cpe:2.3:a:pdfforge:pdf_architect:6.1.24.1862:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33E48700-11CF-4992-8FD7-2A19620D36EA"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio:12.0.7:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8944C809-795C-4F8F-A593-988B529F08B0"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio_viewer_2018:2018.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F47F57CB-769C-4ED3-91A4-D6489A8DD432"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio_viewer_2018:2018.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0F12D65-A39B-4F36-A219-1AEDD968C9D9"
          },
          {
            "criteria": "cpe:2.3:a:sodapdf:soda_pdf:9.3.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D234AC23-0D76-4D3F-9CF4-93966728C4CF"
          },
          {
            "criteria": "cpe:2.3:a:sodapdf:soda_pdf_desktop:10.2.09:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96109777-AC81-4D51-ACEB-FDB3441A0D9F"
          },
          {
            "criteria": "cpe:2.3:a:sodapdf:soda_pdf_desktop:10.2.16.1217:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A44A53AE-E8F0-4FAC-9942-F05D29E1B8CF"
          },
          {
            "criteria": "cpe:2.3:a:soft-xpansion:perfect_pdf_10:10.0.0.1:*:*:*:premium:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F094FAF3-15CB-4481-9B86-61EABB82AAF6"
          },
          {
            "criteria": "cpe:2.3:a:soft-xpansion:perfect_pdf_reader:13.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4F28BFA-F77A-4282-AA60-E25436AF98D1"
          },
          {
            "criteria": "cpe:2.3:a:soft-xpansion:perfect_pdf_reader:13.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E808A140-D375-4BE2-9EF1-4A17634ADAC2"
          },
          {
            "criteria": "cpe:2.3:a:tracker-software:pdf-xchange_editor:7.0.237.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78F2A959-1E6D-4255-B57F-BF66351EF6E8"
          },
          {
            "criteria": "cpe:2.3:a:tracker-software:pdf-xchange_editor:7.0.326:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD74AF39-AE51-4767-B30E-BF1D320710EF"
          },
          {
            "criteria": "cpe:2.3:a:tracker-software:pdf-xchange_viewer:2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B10625F-4F1D-4C00-AC17-ECBD4A6DEB32"
          },
          {
            "criteria": "cpe:2.3:a:visagesoft:expert_pdf_reader:9.0.180:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14B07BD4-0FC3-4471-B58B-2ADBA36B08D6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:9.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07844440-3F26-40E1-A747-4642FBA9A9FA"
          },
          {
            "criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:9.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B8E8F6D-8560-42D6-AED5-91D0570A4A13"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdf_editor_6:6.6.2.3315:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80241CB1-3BC7-4572-92A4-E348C50FAE9A"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdf_editor_6:6.7.6.3399:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8336F6DF-0677-4AED-B062-0E7957A7A293"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdfelement6:6.7.1.3355:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D3941F4-B294-4E22-A6FF-CF3085DF6C89"
          },
          {
            "criteria": "cpe:2.3:a:iskysoft:pdfelement6:6.7.6.3399:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A3DB79B-12A7-4E55-9499-36EED6688382"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio:12.0.7:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8944C809-795C-4F8F-A593-988B529F08B0"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio_viewer_2018:2018.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F47F57CB-769C-4ED3-91A4-D6489A8DD432"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio_viewer_2018:2018.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0F12D65-A39B-4F36-A219-1AEDD968C9D9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:9.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07844440-3F26-40E1-A747-4642FBA9A9FA"
          },
          {
            "criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:9.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B8E8F6D-8560-42D6-AED5-91D0570A4A13"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio:12.0.7:*:*:*:professional:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8944C809-795C-4F8F-A593-988B529F08B0"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio_viewer_2018:2018.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F47F57CB-769C-4ED3-91A4-D6489A8DD432"
          },
          {
            "criteria": "cpe:2.3:a:qoppa:pdf_studio_viewer_2018:2018.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0F12D65-A39B-4F36-A219-1AEDD968C9D9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References