CVSS: 5.3EPSS: 0%CPEs: 42EXPL: 0CVE-2018-18689
https://notcve.org/view.php?id=CVE-2018-18689
07 Jan 2021 — The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Arch... • https://pdf-insecurity.org/signature/evaluation_2018.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-19150
https://notcve.org/view.php?id=CVE-2018-19150
10 Nov 2018 — Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a "Data from Faulting Address controls Code Flow" issue. Corrupción de memoria en PDMODELProvidePDModelHFT en pdmodel.dll en pdfforge PDF Architect 6 permite a los atacantes remotos causar una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, provocar otro tipo de impac... • https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2018-09-19-pdf-architect-corruption.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •