Lucene search

[email protected]CVE-2018-18688

HistoryJan 07, 2021 - 6:15 p.m.

CVE-2018-18688

2021-01-0718:15:12

CWE-347

[email protected]

web.nvd.nist.gov

cve

2018

18688

pdf

signature

validation

vulnerability

foxit reader

phantompdf

libreoffice

nitro pro

nuance power pdf

pdfelement

perfect pdf.

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.7%

JSON

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.

Affected configurations

NVD

Node

code-industrymaster_pdf_editorMatch5.1.12

code-industrymaster_pdf_editorMatch5.1.68

foxitsoftwarefoxit_readerMatch9.4

foxitsoftwarephantompdfRange9.0–9.4

foxitsoftwarephantompdfMatch8.3.9

gonitronitro_proMatch11.0.3.173

gonitronitro_readerMatch5.5.9.2

iskysoftpdf_editor_6Match6.4.2.3521professional

iskysoftpdfelement6Match6.8.0.3523professional

iskysoftpdfelement6Match6.8.4.3921professional

libreofficelibreofficeMatch6.0.6.2

libreofficelibreofficeMatch6.1.3.2

nuancepower_pdf_standardMatch3.0.0.17

nuancepower_pdf_standardMatch3.0.0.30

nuancepower_pdf_standardMatch7.0

qoppapdf_studioMatch12.0.7professional

qoppapdf_studio_viewer_2018Match2018.0.1

qoppapdf_studio_viewer_2018Match2018.2.0

soft-xpansionperfect_pdf_10Match10.0.0.1premium

soft-xpansionperfect_pdf_readerMatch13.0.3

soft-xpansionperfect_pdf_readerMatch13.1.5

AND

microsoftwindowsMatch-

Node

linuxlinux_kernelMatch-

AND

code-industrymaster_pdf_editorMatch5.1.12

code-industrymaster_pdf_editorMatch5.1.68

foxitsoftwarefoxit_readerMatch9.1.0

foxitsoftwarefoxit_readerMatch9.2.0

libreofficelibreofficeMatch6.0.6.2

libreofficelibreofficeMatch6.1.3.2

qoppapdf_studioMatch12.0.7professional

qoppapdf_studio_viewer_2018Match2018.0.1

qoppapdf_studio_viewer_2018Match2018.2.0

Node

applemacosMatch-

AND

code-industrymaster_pdf_editorMatch5.1.24

code-industrymaster_pdf_editorMatch5.1.68

foxitsoftwarefoxit_readerMatch9.1.0

foxitsoftwarefoxit_readerMatch9.2.0

iskysoftpdf_editor_6Match6.6.2.3315professional

iskysoftpdf_editor_6Match6.7.6.3399professional

iskysoftpdfelement6Match6.7.1.3355professional

iskysoftpdfelement6Match6.7.6.3399professional

libreofficelibreofficeMatch6.1.0.3

libreofficelibreofficeMatch6.1.3.2

qoppapdf_studioMatch12.0.7professional

qoppapdf_studio_viewer_2018Match2018.0.1

qoppapdf_studio_viewer_2018Match2018.2.0

CPENameOperatorVersion
code-industry:master_pdf_editorcode-industry master pdf editoreq5.1.12
code-industry:master_pdf_editorcode-industry master pdf editoreq5.1.68
foxitsoftware:foxit_readerfoxitsoftware foxit readereq9.4
foxitsoftware:phantompdffoxitsoftware phantompdflt9.4
foxitsoftware:phantompdffoxitsoftware phantompdfeq8.3.9
gonitro:nitro_progonitro nitro proeq11.0.3.173
gonitro:nitro_readergonitro nitro readereq5.5.9.2
iskysoft:pdf_editor_6iskysoft pdf editor 6eq6.4.2.3521
iskysoft:pdfelement6iskysoft pdfelement6eq6.8.0.3523
iskysoft:pdfelement6iskysoft pdfelement6eq6.8.4.3921

CPE	Name	Operator	Version
code-industry:master_pdf_editor	code-industry master pdf editor	eq	5.1.12
code-industry:master_pdf_editor	code-industry master pdf editor	eq	5.1.68
foxitsoftware:foxit_reader	foxitsoftware foxit reader	eq	9.4
foxitsoftware:phantompdf	foxitsoftware phantompdf	lt	9.4
foxitsoftware:phantompdf	foxitsoftware phantompdf	eq	8.3.9
gonitro:nitro_pro	gonitro nitro pro	eq	11.0.3.173
gonitro:nitro_reader	gonitro nitro reader	eq	5.5.9.2
iskysoft:pdf_editor_6	iskysoft pdf editor 6	eq	6.4.2.3521
iskysoft:pdfelement6	iskysoft pdfelement6	eq	6.8.0.3523
iskysoft:pdfelement6	iskysoft pdfelement6	eq	6.8.4.3921

Rows per page:

1-10 of 211

References

pdf-insecurity.org/signature/evaluation_2018.html

pdf-insecurity.org/signature/signature.html

www.foxitsoftware.com/support/security-bulletins.php

www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/

Social References

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.7%

JSON

Related for CVE-2018-18688

prion1 nvd1 cvelist1 kaspersky1 nessus3 openvas2