CVE-2018-18689
https://notcve.org/view.php?id=CVE-2018-18689
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop. • https://pdf-insecurity.org/signature/evaluation_2018.html https://pdf-insecurity.org/signature/signature.html https://www.foxitsoftware.com/support/security-bulletins.php https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2018-6462
https://notcve.org/view.php?id=CVE-2018-6462
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document. Tracker PDF-XChange Viewer y Viewer AX SDK, en versiones anteriores a la 2.5.322.8, gestiona de manera incorrecta la conversión de espacios de color de YCC a RGB calculando en base de 1bpc en lugar de en 8bpc. Esto podría permitir que atacantes remotos ejecuten código arbitrario mediante un documento PDF manipulado. • https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt https://www.tracker-software.com/company/news_press_events/view/179 • CWE-787: Out-of-bounds Write •
CVE-2017-13056 – PDF-XChange Viewer 2.5 Build 314.0 - Code Execution
https://notcve.org/view.php?id=CVE-2017-13056
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file. La función launchURL en PDF-XChange Viewer 2.5 (Build 314.0) podría permitir que atacantes remotos ejecuten código arbitrario mediante un archivo PDF manipulado. PDF-XChange Viewer version 2.5 (Build 314.0) suffers from a javascript API remote code execution vulnerability. • https://www.exploit-db.com/exploits/42537 http://packetstormsecurity.com/files/143912/PDF-XChange-Viewer-2.5-Build-314.0-Code-Execution.html • CWE-20: Improper Input Validation •
CVE-2013-0729
https://notcve.org/view.php?id=CVE-2013-0729
Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file. Desbordamiento de buffer basado en memoria dinámica en Tracker Software PDF-XChange anterior a 2.5.208 permite a atacantes remotos ejecutar código arbitrario a través de una cabecera Define Huffman Table manipulada en un flujo de archivo de imagen JPEG en un archivo PDF. • http://osvdb.org/89442 http://secunia.com/advisories/51855 http://www.securityfocus.com/bid/57491 http://www.tracker-software.com/company/news_press_events/view/123 https://exchange.xforce.ibmcloud.com/vulnerabilities/81427 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-5245
https://notcve.org/view.php?id=CVE-2010-5245
Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build 54.0 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de búsqueda de ruta no confiable en PDF-XChange Viewer 2.0 Build 54.0, permite a usuarios locales obtener privilegio a través del troyano wintab32.dll en el directorio de trabajo actual, como se ha demostrado con un directorio que contenía un archivo .pdf. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros. • http://secunia.com/advisories/41197 http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list •