Jan 07, 2021 - 6:15 p.m.

CVE-2018-18688

2021-01-07 18:15:12
CWE-347
web.nvd.nist.gov
Tags: cve, 2018, 18688, pdf, signature, validation, vulnerability, foxit reader, phantompdf, libreoffice, nitro pro, nuance power pdf, pdfelement, perfect pdf

CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 5.8 Medium
Confidence: High

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.002 Low
Percentile: 54.7%

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.

Affected configurations

NVD

Node
code-industry master_pdf_editor Match 5.1.12
OR
code-industry master_pdf_editor Match 5.1.68
OR
foxitsoftware foxit_reader Match 9.4
OR
foxitsoftware phantompdf Range 9.0 - 9.4
OR
foxitsoftware phantompdf Match 8.3.9
OR
gonitro nitro_pro Match 11.0.3.173
OR
gonitro nitro_reader Match 5.5.9.2
OR
iskysoft pdf_editor_6 Match 6.4.2.3521 professional
OR
iskysoft pdfelement6 Match 6.8.0.3523 professional
OR
iskysoft pdfelement6 Match 6.8.4.3921 professional
OR
libreoffice libreoffice Match 6.0.6.2
OR
libreoffice libreoffice Match 6.1.3.2
OR
nuance power_pdf_standard Match 3.0.0.17
OR
nuance power_pdf_standard Match 3.0.0.30
OR
nuance power_pdf_standard Match 7.0
OR
qoppa pdf_studio Match 12.0.7 professional
OR
qoppa pdf_studio_viewer_2018 Match 2018.0.1
OR
qoppa pdf_studio_viewer_2018 Match 2018.2.0
OR
soft-xpansion perfect_pdf_10 Match 10.0.0.1 premium
OR
soft-xpansion perfect_pdf_reader Match 13.0.3
OR
soft-xpansion perfect_pdf_reader Match 13.1.5
AND
microsoft windows Match -

Node
linux linux_kernel Match -
AND
code-industry master_pdf_editor Match 5.1.12
OR
code-industry master_pdf_editor Match 5.1.68
OR
foxitsoftware foxit_reader Match 9.1.0
OR
foxitsoftware foxit_reader Match 9.2.0
OR
libreoffice libreoffice Match 6.0.6.2
OR
libreoffice libreoffice Match 6.1.3.2
OR
qoppa pdf_studio Match 12.0.7 professional
OR
qoppa pdf_studio_viewer_2018 Match 2018.0.1
OR
qoppa pdf_studio_viewer_2018 Match 2018.2.0

Node
apple macos Match -
AND
code-industry master_pdf_editor Match 5.1.24
OR
code-industry master_pdf_editor Match 5.1.68
OR
foxitsoftware foxit_reader Match 9.1.0
OR
foxitsoftware foxit_reader Match 9.2.0
OR
iskysoft pdf_editor_6 Match 6.6.2.3315 professional
OR
iskysoft pdf_editor_6 Match 6.7.6.3399 professional
OR
iskysoft pdfelement6 Match 6.7.1.3355 professional
OR
iskysoft pdfelement6 Match 6.7.6.3399 professional
OR
libreoffice libreoffice Match 6.1.0.3
OR
libreoffice libreoffice Match 6.1.3.2
OR
qoppa pdf_studio Match 12.0.7 professional
OR
qoppa pdf_studio_viewer_2018 Match 2018.0.1
OR
qoppa pdf_studio_viewer_2018 Match 2018.2.0
